Description

This page describes how to manage SSL Doman Certificates. It is important to note that SSL Domain Certificates can be Added and Deleted. They can not be edited. If you need to make a change to the SSL Domain Certificate, you must delete it and recreate it.

For more information about SSL Domain Certificates, see: Introduction to Virtual Listeners / VIPs in MCP 2.0

Prerequisites:

Add SSL Domain Certificate

  1. User must have either Primary Administrator or Network Role
  2. Network Domain must be an Advanced Network Domain
  3. The Certificate must be in PEM (ASCII) format
    1. Needs to start with "-----BEGIN CERTIFICATE-----"
    2. Needs to end with "-----END CERTIFICATE-----"
  4. Key must be in PEM (ASCII) format (we will only accept RSA keys).
    1. The majority of SSL private keys:
      1. Start with: "-----BEGIN PRIVATE KEY-----"
      2. End with "-----END PRIVATE KEY-----"

    2. Some certificate authority (CA) issuers will include the SSL type (we will only accept type RSA) as follows: 

      1. Starts with "----BEGIN RSA PRIVATE KEY-----"
      2. Ends with "-----END RSA PRIVATE KEY-----"
  5. The Key must NOT be protected by a passphrase
    1. Such keys are preceded by "-----BEGIN ENCRYPTED PRIVATE KEY-----" and end with "-----END ENCRYPTED PRIVATE KEY-----"
  6. Neither the SSL Certificate nor the Key can be in PKCS format
  7. The SSL certificate and Key must be  "valid"
  8. The SSL Certificate and Key must be a "matching pair" (i.e. the Key is the correct Key for that certificate)
  9. The certificate key length must be one of the lengths allowed for the data center location
    1. Each Data Center location has a list of "acceptable" key lengths. See How do I Identify Hardware Specifications and Capabilities Available in a Data Center Location
    2. NOTE: 512-bit key length is not recommended (due to exploitability)
  10. SSL Certificate Expiration Date must be "valid"
  11. There is a limit of 100 SSL Domain Certificates per Network Domain

Delete SSL Domain Certificate

  1. User is Network role or Primary Administrator
  2. SSL Domain Certificate Id is not currently used in an SSL Offload Profile

Content / Solution:

Add SSL Domain Certificate

  1. From the Home page, select the Data Center where the Network Domain on which you want to add an SSL Domain Certificate is located:


  2. The Data Center dashboard will be displayed. Select the Network Domain on which you want to add an SSL Domain Certificate:


  3. The Network Domain dashboard will be displayed:


  4. Click on the Load Balancing / Virtual IPs tab, then click on the Actions button and select Add SSL Certificate / Certificate Chain button:


  5. The Add SSL Domain Certificate dialog will be displayed:


  6. Fill out the form with the desired information:

    • Certificate Type - SSL Domain Certificate (*Selected by default)
    • SSL domain Certificate Name - The Name must be unique within the Network Domain
    • Description - The optional Description is limited to a maximum length of 255 characters.
    • Certificate Text - Certificate must be in PEM (ASCII) format. The certificate should start with "-----BEGIN CERTIFICATE-----" and should end with "-----END CERTIFICATE-----". SSL Certificate cannot be in PKCS format.
      • Note: Certificate text can be very long. Be sure you have captured the entire text of the Certificate
    • Certificate Key - Certificate must be in PEM (ASCII) format. The certificate should start with "-----BEGIN PRIVATE KEY-----" OR "----BEGIN RSA PRIVATE KEY-----" and should end with "-----END CERTIFICATE-----" OR "-----END RSA PRIVATE KEY-----". Key cannot be in PKCS format.
      • Note: Certificate Key text can be very long. Be sure you have captured the entire text of the Certificate Key
    • You can click the Add another certificate button to create another certificate
    • You can click the Create SSL Offload Profile button to create an SSL Offload Profile

  7. Once the form has been filled out with the desired information, click the Add SSL Domain Certificate button:


  8. Once complete, the system will display a success message:


  9. The SSL Domain Certificate will be displayed:

Delete SSL Domain Certificate

  1. Locate the SSL Domain Certificate that you want to delete. Click on the Manage gear, and select Delete SSL Domain Certificate:


  2. The Delete SSL Domain Certificate dialog will be displayed. Click Delete:


  3. The system will display a success message indicating that the SSL Domain Certificate has been deleted:


  4. The SSL Domain Certificate will be deleted: