Managing certificates from a browser

A certificate authenticates the appliance over TLS. The certificate contains a public key, and the appliance maintains the corresponding private key, which is uniquely tied to the public key.

This section discusses certificate management from the perspective of the browser. For information on how a non-browser client (such as cURL) uses the certificate, see the documentation for that client.

NOTE:

In most cases, when accessing an appliance through its default self-signed certificate, the browser will issue a security warning that must be bypassed before getting to the appliance. While some browsers allow you to store a self-signed certificate indefinitely, you cannot permanently store a self-signed certificate in the Google Chrome browser -- the certificate will expire after a few days. For easier access, Hewlett Packard Enterprise recommends that you create a signed certificate for use with the appliance.

The certificate also contains the name of the appliance, which the TLS client uses to identify the appliance.

The certificate has the following name fields:

  • Common Name (CN)

    This name is required. By default it contains the fully qualified host name of the appliance.

  • Alternative Name

    This name is optional, but Hewlett Packard Enterprise recommends supplying it because it supports multiple names (including IP addresses) to minimize name-mismatch warnings from the browser.

    By default, this name is populated with the fully qualified host name (if DNS is in use), a short host name, and the appliance IP address.

    NOTE:

    If you enter Alternative Names, one of them must be your entry for the Common Name.

These names can be changed when you manually create a certificate signing request or create a self-signed certificate.
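
The following is an added example, not HPE code or part of the appliance: a pre-flight check for the names you plan to enter. It enforces the rule that the Common Name must be one of the Alternative Names and lists the addresses users type that no Alternative Name covers. The host names and IP address are constructed samples, the function names are hypothetical, and matching is exact (wildcard names are not handled).

```python
import ipaddress

def classify(name):
    """Type one entry: ('IP', canonical address) or ('DNS', lowercased name)."""
    name = name.strip()
    try:
        return ("IP", str(ipaddress.ip_address(name)))
    except ValueError:
        return ("DNS", name.rstrip(".").lower())

def check_names(common_name, alt_names):
    """Return typed, de-duplicated Alternative Names.

    Raises ValueError if Alternative Names are given but none of them
    is the Common Name (the rule stated in the NOTE above).
    """
    entries = []
    for name in alt_names:
        entry = classify(name)
        if entry not in entries:
            entries.append(entry)
    if entries and classify(common_name) not in entries:
        raise ValueError(
            "Common Name %r is not among the Alternative Names" % common_name)
    return entries

def san_string(entries):
    """Render entries in OpenSSL subjectAltName syntax, for comparison
    with what a certificate viewer shows (not the appliance's input format)."""
    return ",".join("%s:%s" % entry for entry in entries)

def uncovered(entries, browser_hosts):
    """Hosts users type in the address bar that no Alternative Name matches;
    each one would trigger a name-mismatch warning."""
    return [h for h in browser_hosts if classify(h) not in entries]

if __name__ == "__main__":
    # Constructed sample values mirroring the defaults described above:
    # fully qualified host name, short host name, and appliance IP address.
    cn = "ov1.example.com"
    sans = check_names(cn, ["ov1.example.com", "ov1", "192.0.2.10"])
    print(san_string(sans))
    print("uncovered:", uncovered(sans, ["ov1", "192.0.2.10", "ov1.lab.example.com"]))
    try:
        check_names(cn, ["ov1", "192.0.2.10"])  # CN missing from the list
    except ValueError as err:
        print("rejected:", err)
```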