The ITA server is installed with self-signed security certificate. When you connect to the server from a web browser, you might receive warnings about the security certificate. It is recommended, after the ITA installation is complete, to purchase and install a security certificate issued by a trusted certificate authority.
To change your SSL certificate on the ITA server, the certificate must be the Apache 2.x/PEM format with two files: *.key, *.crt.
It is best practice to disable access to the web clients before you update any certificates to make sure no client is connected with a false certificate.
In a cluster setup, certificates can only be uploaded to the master and are automatically synchronized to the slave.
If your setup includes a disaster recovery node that needs a certificate, upload certificates to the DR server the same way as for a standalone server.
Preparing a certificate for upload
A password protected key is not supported. Strip the password from the key before uploading it.
Intermediate or certificate bundle
If your certificate chain requires an intermediate certificate, append it to the .cert file. When appending, make sure you include everything, including the lines: "
-----BEGIN CERTIFICATE-----" & "
-----END CERTIFICATE-----" There may be several lines for this intermediate certificate.
No users in the system during upload
The Apache HTTPD server will be reloaded during this process, so make sure no users are using the system during the upload.
Uploading a certificate
- Open the Webmin web interface by selecting Administration > Webmin in the IT Advisor web client.
Alternatively, type the address of your EcoStruxure IT Advisor server in a Web browser followed by :10000,
https://<ITA server IP>:10000.
- Log into Webmin using the user credentials created during the installation. Select EcoStruxure IT Advisor in the left menu.
- In the submenu, select Certificates.
- Follow the instructions on the page.
- Verify that everything is working correctly. Launch a web client and check that there's a green pad lock icon in the address line.