Configuring a single device certificate

To access the CSR by the first method, follow these steps.

Procedure

  1. From the Configure tab, click Devices in the navigation panel.
  2. Select the device.
  3. Click Change for the Signed Device Certificate section at the bottom of the page.

What to do next

After Change is clicked, the CSR is displayed in a manner that enables it to be copied out of the Manager Web Interface and submitted to a CA. The certificate that is issued by the CA must contain the Common Name (CN) field of the Subject Distinguished Name and the content of the Subject Alternative Name as indicated in the CSR.

These parameters are validated by the Manager Web Interface when the certificate is pasted back into the interface. Once updated, the certificate is published to the device and uses it. Another restriction is that if the external CA sets the key usage field of the device certificate, then both SSL_CLIENT and SSL_SERVER key usage fields must be set.

Note: When pasting a certificate chain rather than a single certificate, all certificates up to, but not necessarily including, a configured CA must be included. If unspecified intermediate CAs are involved in issuing the certificate, and they are not included, the input fails.
Note: If you want to change from an external certificate to a signed internal device certificate, delete all certificate contents within the text box on the Edit Device Certificate page and click Update.