Description

This article describes how to manage SSL Certificate Chains. It is important to note that SSL Certificate Chains can be Added, Unassigned from an SSL Offload Profile and Deleted. They cannot be edited. If you need to make a change to the SSL Certificate Chain, you must delete it, and recreate it.

For more information on SSL Certificate Chains, See: Introduction to Virtual Listeners / VIPs in MCP 2.0

Prerequisites:

Add SSL Certificate Chain

  1. User must have either Primary Administrator or Network Role
  2. Network Domain must be an Advanced Network Domain
  3. The certificate chain must be in PEM (ASCII) format.
    1. There may be one or more certificates in the text, each:
      1. Needs to start with "-----BEGIN CERTIFICATE-----"
      2. Needs to end with "-----END CERTIFICATE-----"
  4. The input must NOT have any keys in PEM (ASCII) format
    1. Input should not include: "-----BEGIN ENCRYPTED PRIVATE KEY-----" or "-----END ENCRYPTED PRIVATE KEY-----"
  5. The SSL Certificate Chain must be valid
  6. The SSL Certificate Chain Expiration Date must be valid
  7. The maximum number of certificate elements (levels) inside the SSL Certificate Chain is 10
  8. PKX/PKCS Unencrypted Formats are Acceptable
  9. Limit of 100 Certificate Chains per Network Domain

Delete SSL Certificate Chain

  1. User must have either Primary Administrator or Network role
  2. SSL Certificate Chain ID is not currently used in an SSL Offload Profile

Content / Solution:

Add SSL Domain Certificate

  1. From the Home page, select the Data Center where the Network Domain on which you want to add an SSL Certificate Chain is located:


  2. The Data Center dashboard will be displayed. Select the Network Domain on which you want to add an SSL Certificate Chain:


  3. The Network Domain dashboard will be displayed:


  4. Click on the Load Balancing / Virtual IPs tab, then click on the Actions button and select Add SSL Certificate / Certificate Chain button:


  5. The Add SSL Domain Certificate dialog will be displayed: 


  6. Select SSL Certificate Chain from the Certificate Type drop-down menu:


  7. Fill out the form with the desired information:

    • Certificate Type - SSL Certificate Chain
    • SSL Certificate Chain NameThe Name must be unique within the Network Domain
    • DescriptionThe optional Description is limited to a maximum length of 255 characters.
    • Certificate TextThe Certificate Text can contain up to 10 Certificates
      • The certificate chain must be in PEM (ASCII) format.
        1. There may be one or more certificates in the text, each:
          1. Needs to start with "-----BEGIN CERTIFICATE-----"
          2. Needs to end with "-----END CERTIFICATE-----"
      • The input must NOT have any keys in PEM (ASCII) format
        1. Input should not include: "-----BEGIN ENCRYPTED PRIVATE KEY-----" or "-----END ENCRYPTED PRIVATE KEY-----"
    • You can click the Add another certificate button to create another certificate, or
    • You can click the Create SSL Offload Profile button to create an SSL Offload Profile
      • Note: You can choose either Add another certificate or Create SSL Offload Profile. You cannot select both. 

  8. Once the form has been filled out with the desired information, click the Add SSL Certificate Chain button:


  9. Once complete, the system will display a success message:


  10. The SSL Certificate Chain will be displayed:

Unassign SSL Certificate Chain from an SSL Offload Profile

  1. Locate the SSL Certificate Chain that you want to un-assign from the SSL Offload Profile. Click on the Manage gear, and select Unassign SSL Certificate Chain:


  2. The Unassign SSL Certificate Chain dialog will be displayed. Click Confirm:


  3. The SSL Certificate Chain will be unassigned from the SSL Offload Profile. It will be added to the Unassigned SSL Certificate Chains tab:

Delete SSL Certificate Chain

  1. Locate the SSL Certificate Chain that you want to delete. Click on the Manage gear, and select Delete SSL Certificate Chain:


  2. The Delete SSL Certificate Chain dialog will be displayed. Click Delete:


  3. The system will display a message indicating that the SSL Certificate Chain has been deleted:


  4. The SSL Certificate Chain will be deleted: