Import an appliance certificate

After sending a certificate signing request to the CA and receiving a certificate, you must import it.

There are two ways to import a CA-signed appliance certificate. You can choose either of the following:
  • Import the full certificate chain of a CA-signed appliance certificate in the Import appliance certificate screen.

  • Add root CA and intermediate CA certificates or either of them to the appliance in the Add certificates screen. Then, import the leaf level CA-signed appliance certificate in the Import appliance certificate screen.

NOTE:

The maximum number of CA certificates that can be present in the certificate chain is nine. Setting a maximum certificate chain depth means that appliance rejects any certificate from being imported if the certificate chain depth is higher than the maximum limit. The maximum certificate chain depth is set by default on the appliance, and cannot be customized by the user.

Additionally, each CA certificate can have the Path Length Constraint attribute set under the Basic Constraints extension. The Path Length Constraint attribute defines the maximum number of non self-issued intermediate certificates that can follow the CA certificate in a valid certification path.

The maximum chain depth and path length constraint applies to appliance web server certificates as well as external device and server certificates. The appliance fails to connect to any device or server if it has a certificate chain depth higher than the maximum limit.

Prerequisites
  • Privileges: Infrastructure administrator.

  • Ensure that no other users are logged into the appliance.

Procedure
  1. From the main menu, select Settings.
  2. Click Security.
  3. Select Actions > Import appliance certificate.
  4. Copy the full certificate text and paste it into the box in the following order:
    1. Leaf level CA-signed appliance certificate

    2. Intermediate CA certificates

    3. Topmost root CA certificate

  5. Click OK.
  6. After the appliance web server restarts and reconnects, log in to the appliance.

    This certificate is also used as the SCMB server certificate.

More information