Skip to content

IP Fabric Web Certificate

Important

Only CSR generated by the IP Fabric can be signed, uploaded and used as an SSL certificate. No other certificate will be applied.

IP Fabric uses a secure TLS connection to access the user interface. A self-signed certificate is generated during the installation process, but by the nature of SSL/TLS, the self-signed certificate cannot be trusted as indicated in a SSL/TLS error in the web browser (for example NET::ERR_CERT_AUTHORITY_INVALID in Google Chrome).

We recommend that you replace the self-signed certificate with your own certificate that is signed by a trusted certification authority.

To do this you have to:

  1. generate a certificate signing request (CSR) in the IP Fabric
  2. sign the generated signing request with a trusted certification authority
  3. upload the signed certificate back to IP Fabric

Generate Certificate Signing Request (CSR)

  1. Go to Settings → Advanced → System → IP Fabric Certificate.
  2. Fill in Create a CSR (Certificate Signing Request) form.

Note

Short Subject Alternative Names (only hostnames without a domain name) are not accepted by all CAs. To remove it from the CSR use the Include DNS short name in CSR SAN toggle.

Sign CSR

This step depends on the vendor and particular version of your certification authority so check the vendor's documentation.

Upload Signed Certificate

Warning

Only PEM (Base 64 encoded) certificate format is supported.

Warning

Only a certificate that was created by signing the last CSR request can be uploaded to IP Fabric! If you generate another CSR before uploading previously generated and signed CSR, the certificate will not be applied.

  1. Go to Settings → Advanced → System → IP Fabric Certificate.
  2. Click Upload (the right upper corner)
  3. Drag and drop certificate or Select file
  4. The IP Fabric web can be unresponsive for a few seconds while a new certificate is being installed
  5. Close your browser and re-open IP Fabric web UI

Note

If you are signing an SSL certificate by a certificate authority that also has intermediate certificates, the whole certificate chain needs to be included in the final certificate uploaded to IP Fabric in one continuous file.

  ----- BEGIN base64server certificate END -----

  ----- BEGIN base64intermediate certificate END -----

  ----- BEGIN base64root certificate END -----