Configuring system certificates
Secure communications between systems requires that certificates are configured on the system. To ensure that the certificate and public ID of the system are valid and secure, each system has a digital Secure Sockets Layer (SSL) certificate.
About this task
Before you create a request for a specific certificate, ensure that your current browser does not have restrictions on the type of keys that are used for certificates. Some browsers limit the use of specific types of keys for security and compatibility issues.
If a specific certificate is signed by an intermediate certificate authority (CA), then the full chain of certificates must be installed. To install the signed certificate and certificate authority (CA) certificates, create a single file that contains the full chain of certificates. The file should include the signed certificate and the intermediate CA certificates. The root CA certificate can be included but is optional.
To manage the certificate that is installed on a system, use either the svctask chsystemcert (only for default), svctask mksystemcertstore, svctask chsystemcertstore, svctask rmsystemcertstore commands in the command-line interface (CLI) or click in the management GUI to do the following tasks:
- Upload signed certificate
- Update certificate
- Cancel outstanding signing request
- Export system certificate
- Export root certificate
- Remove system certificate