IPF Certificates
Important
Only CSR generated by the IP Fabric can be signed, uploaded and used as an SSL certificate. No other certificate will be applied.
IP Fabric uses a secure TLS connection to access the user interface. A
self-signed certificate is generated during the installation process,
but by the nature of SSL/TLS, the self-signed certificate cannot be
trusted as indicated in a SSL/TLS error in the web browser (for
example NET::ERR_CERT_AUTHORITY_INVALID
in Google
Chrome).
We recommend that you replace the self-signed certificate with your own certificate that is signed by a trusted certification authority.
To do this you have to:
- generate a certificate signing request (CSR) in the IP Fabric
- sign the generated signing request with a trusted certification authority
- upload the signed certificate back to IP Fabric
Generate Certificate Signing Request (CSR)
- Go to Settings → System → IPF Certificates.
- Fill in Create a CSR (Certificate Signing Request) form.
Note
Short Subject Alternative Names (only hostnames without a domain name) are not accepted by all CAs. To remove it from the CSR use the Include DNS short name in CSR SAN toggle.
Sign CSR
This step depends on the vendor and particular version of your certification authority so check the vendor’s documentation.
Upload Signed Certificate
Warning
Only PEM (Base 64 encoded) certificate format is supported.
Warning
Only a certificate that was created by signing the last CSR request can be uploaded to IP Fabric! If you generate another CSR before uploading previously generated and signed CSR, the certificate will not be applied.
- Go to Settings → System → IPF Certificates.
- Click Upload (the right upper corner)
- Drag and drop certificate or Select file
- The IP Fabric web can be unresponsive for a few seconds while a new certificate is being installed
- Close your browser and re-open IP Fabric web UI
Note
If you are signing an SSL certificate by a certificate authority that also has intermediate certificates, the whole certificate chain needs to be included in the final certificate uploaded to IP Fabric in one continuous file.
----- BEGIN base64server certificate END -----
----- BEGIN base64intermediate certificate END -----
----- BEGIN base64root certificate END -----
Fillable fields forbidden characters
Fields Organisation name, Department, City, State/Province can contain only the following characters A-Za-z0-9.,/-_@%^:=+