Configuring SSL for Mobile Controllers : Modifying SSL Server Certificate Settings
  
Modifying SSL Server Certificate Settings
You can modify Mobile Controller certificate authority (CA) settings in the Configure > SSL > Signing CA page. You can perform the following tasks on the Signing CA page:
•  To view signing CA details
•  To add a chain certificate
•  To view a CA in PEM format
•  To replace a Mobile Controller signing CA
•  To export an existing certificate
•  To generate a CSR
For basic steps for configuring SSL in the Mobile Controller and the SteelHead, see Basic Steps for Configuring SSL.
To view signing CA details
1. Choose Configure > SSL > Signing CA to display the Signing CA page.
Figure: Signing CA - Details Page
2. Select the Details tab to display the Signing CA - Details page.
The Signing CA - Details page displays the following information for the Mobile Controller CA.
Field
Description
Issued To/Issued By
Common Name - Specifies the common name of the certificate authority.
Organization - Specifies the organization name (for example, the company).
Organization Unit - Specifies the organization unit (optional).
Locality - Specifies the city.
State - Specifies the state.
Country - Specifies the country.
Serial Number - Specifies the serial number (Issued To, only).
Validity
Issued On - Specifies the date the certificate was issued.
Expires On - Specifies the date the certificate expires.
Fingerprint
SHA1 - Specifies the SSL fingerprint.
To add a chain certificate
1. Choose Configure > SSL > Signing CA to display the Signing CA page.
Figure: Signing CA - Details Page
2. Complete the configuration as described in this table.
 
Control
Description
Add a New Chain Certificate
Displays the controls to add a chain certificate.
Use Existing CA
Select to use an existing certificate authority, and then select the certificate authority from the drop-down list.
Use New Certificate(s) PEM or DER formats
Select to use a new certificate.
Optional Local Name
Optionally, specify a local name for the certificate.
Local File
Browse to the local file.
Cert Text
Paste the contents of the certificate text file into the text box.
Add
Adds the chain certificate to the chain certificate list.
Remove Selected
Select the check box next to the name and click Remove Selected.
3. Click Save to save the settings permanently.
To view a CA in PEM format
1. Choose Configure > SSL > Signing CA to display the Signing CA page.
2. Under SMC Signing CA Key/Certificate, select PEM to display the CA in the PEM format.
Figure: Signing CA Page
To replace a Mobile Controller signing CA
1. Choose Configure > SSL > Signing CA to display the Signing CA page.
2. Under SCCM Signing CA Key/Certificate, select Replace to display the import CA options.
Figure: Signing CA - Replace CA Page
3. Complete the configuration as described in this table.
Control
Description
Import Existing Private Key and CA-Signed Public Certificate
(One File in PEM or PKCS12 Formats)
Imports the existing private key and CA-signed public certificate as a single file.
The page displays controls for importing a single file either by browsing to and uploading the certificate and keys or by using the text box to copy and paste a PEM file.
Then enter the decryption password in the Decryption Password field, if necessary.
Note: Decryption passwords are required for PKCS-12 files, and they are optional for PEM files.
Import Existing Private Key and CA-Signed Public Certificate
(Two Files in PEM or DER Formats)
Imports the existing private key and CA-signed public certificate as two separate files.
Import the private key either by browsing to and uploading the file or by copying and pasting a PEM file into the key text box. Then enter the decryption password in the Decryption Password field, if necessary.
Note: Decryption passwords are optional for PEM files, and they are never needed for DER files.
Import the public certificate either by browsing to and uploading the file or by copying and pasting a PEM file into the certificate text box.
Generate New Private Key and Self-Signed Public Certificate
Select this option to generate a new private key and self-signed public certificate.
Cipher Bits - Select the key length from the drop-down list. The default value is 1024.
Common Name (required) - Specify the hostname of the peer.
Organization Name - Specify the organization name (for example, the company).
Organization Unit Name - Specify the organization unit name (for example, the section or department).
Locality - Specify the city.
State (no abbreviations) - Specify the state.
Country (2-letter code) - Specify the country (two-letter code only).
Email Address - Specify the email address of the contact person.
Validity Period (Days) - Specify how many days the certificate is valid. The default value is 730.
4. Click Import Key and Certificate to import the key and certificate (for imported keys), or click Generate Key and Certificate to generate the key and certificate (for new keys).
5. Click Save to save the settings permanently.
To export an existing certificate
1. Choose Configure > SSL > Signing CA to display the Signing CA page.
Figure: Signing CA - Export Page
2. Under SMC Signing CA Key/Certificate, select Export to display the export CA options.
3. Complete the configuration as described in this table.
 
Control
Description
Password/Password Confirm
Specify and confirm the encrypted password if you are including the private key (required if including key). The password must be at least four characters long.
Include Private Key
Includes the private key in the export.
Export
Exports the SteelHead appliance peering certificate and key.
4. Click Save to save the settings permanently.
To generate a CSR
1. Choose Configure > SSL > Signing CA to display the Signing CA page.
Figure: Signing CA - Generate CSR Page
2. Select the Generate CSR tab to display the CSR options.
3. Complete the configuration as described in this table.
Control
Description
Common Name (required)
Specify the common name (hostname) of the peer.
Organization Name
Specify the organization name (for example, the company).
Organization Unit Name
Specify the organization unit name (for example, the section or department).
Locality
Specify the city.
State
Specify the state. Do not abbreviate.
Country (2-letter code)
Specify the country (2-letter code only).
Email Address
Specify the email address of the contact person.
Generate CSR
Generates the Certificate Signing Request.
4. Click Save to save the settings permanently.