Skip to content

Configuring a Web Certificate

Access the Mediation Controller server's web interface with the URI /system.

Examples

If access to the Mediation Controller on its web IP address is 10.0.10.10, then access to the system interface will use the URL: https://10.0.10.10/system.

If access to the Mediation Controller is possible with a DNS name, for example cyberelements-cleanroom.domain.local, then access to the system interface will use the URL: https://cyberelements-cleanroom.domain.local/system.

Important !

For any changes to the password, license, or certificates (SSL Router, Watchdog, and cyberelements Cleanroom client), connect to the actual IP address for clusters (RIP_MED_WEB_MASTER or RIP_MED_WEB_SLAVE).

Creating a PKI

  1. Select the tile PKIs:

  2. Click on the PKI creation button:

  3. Give the new PKI a name. Add a description if necessary. Select Certificates for Web servers in the Usage field and then click Validate:

  4. Edit the new PKI by clicking on the gear icon:

  5. Then add new certification authorities using the following button:

  6. Select your certification authority certificate file and confirm your choice:

    You will need to repeat the last two steps as many times as you have certification authorities. We recommend adding all certification authorities.

    Warning

    Your web certificate, the one whose CN matches your domain name, should not be added as a certificate authority certificate. This error may cause alerts on some web browsers.

  7. Select the lowest level of certification authorities (corresponds to the highest number in the Niveau column) then click on Configure certificates:

  8. Add the new certificate using the add button then enter the certificate information:

Applying the certificate

We do not recommend modifying the Default web interface; therefore, there are two possible scenarios:

  1. Create a new web interface to apply the web certificate
  2. Modify the web certificate of an existing web interface

Click on the tile Virtual Hosts:

  1. Click on the + button:

  2. An Add new Web interface window will open.

Perform the following actions:

  • Enter the IP address of your Mediation Controller server (1)
  • Enter the name of the PKI created previously (2)
  • Enter the certification authority containing the web certificate (3)
  • Select the certificate (4)
  • Add the virtual host used (5), choose at least one VPN web virtual host in order to have access to the web consoles. Several virtual hosts can be added.
  • Click on the + button to add the selected virtual host (6)
  • Click on the Validate (7) button.

Perform the following actions:

  • Enter the IP address of your Mediation Controller server (1)
  • Specify the Mediations Controllers servers affected by the web interface (2) and therefore the IP address assigned to the server(s).
  • Enter the name of the PKI created previously (3)
  • Enter the certification authority containing the web certificate (4)
  • Select the certificate (5)
  • Add the virtual host used (6), choose at least one VPN web virtual host in order to have access to the web consoles. Several virtual hosts can be added.
  • Click on the + button to add the selected virtual host (7)
  • Click on the Validate (8) button.
  1. Select the web interface to be modified and click on the edit settings button:
  2. If necessary, modify the PKI to which the new web certificate belongs, then assign the desired web certificate and confirm the modification: