SSL Certificate Management/Self-Signed Certificates, Base 5.0 and Later
Applying SSL certificates to your Secure Remote Access Appliances helps to ensure the security of your support sites. View the basics of applying certificates, both self-signed and certificate-authority-signed.
Transcript: SSL Certificate Management/Self-Signed Certificates, Base 5.0 and Later
SSL Certificate Management
Your customers feel more confident in your security when you use SSL certificates to guarantee their interactions with your site are secure. Manage your certificates from the Security page of the /appliance interface.
From the Certificate Installation section, create a certificate request, create a self-signed certificate, or import a signed SSL certificate.
While a self-signed certificate is a quick way to secure your site, a signed certificate provides greater trust. Also, a signed certificate may be required for all software clients to make a connection through your site.
In the Certificates section, you can view a table of SSL certificates available on your appliance.
Under Certificate Requests, view all requests waiting to be signed. Click on a request name to access the data required by your certificate authority.
Under Keys, view all private keys that are resident on the appliance. Each key shows its certificate or request associations.
A self-signed certificate may be necessary on a temporary basis for testing or installing a Secure Remote Access Appliance. For long-term use, a certificate from a public certificate authority (CA) should be used instead.
You can manage your certificates from the Security page of the /appliance interface.
Start by clicking the Create button in the Certificate Installation section. Enter a Certificate Friendly Name to identify your certificate request. Select New Key.
Enter your two-character country code. Your country code can be found by going to iso.org. Enter your state or province if applicable and then your city or locality. Supply your organization name and organizational unit. For your common name, enter your site's fully qualified domain name.
Finally, enter one or more subject alternative names (SAN). A SAN lets you protect multiple hostnames with a single SSL certificate. These can be in the form of DNS addresses or IP addresses. A DNS address can be a fully qualified domain name, such as support.example.com, or it can be a wildcard domain name, such as *.example.com.
A wildcard domain name covers multiple subdomains, such as support.example.com, remote.example.com, and so forth. Be sure to define at least one SAN that matches your BeyondTrust support site name. If you are going to be using multiple hostnames for your site, be sure to define each of those hostnames as additional SANs.
Once you have finished with your configuration, click Create Self-Signed Certificate. Your self-signed certificate should now appear in the Certificates table.