Becoming your own local Certificate Authority
Global Certificate Authorities will only sign certificates for publicly registered domains (and only ones that you own). They will not issue certificates for internal domain names (such as mynetwork.internal). If you need to secure internal traffic, you will need to have a local Certificate Authority.
- Visit webadmin and go to Security > Certificates
- Click on the Certificate Authority tab
- Enter the relevant details and click Create Certificate Authority.
- Once created, the page will change to show the certificate authority details and status.
You will need to install the local CA cert on all devices that will use internal SSL-enabled services as otherwise they will not trust the certificates you issue. You may download the CA cert by clicking on Download below "Certificate:" or you may copy and paste the CA cert by clicking Show/Hide certificate.
Viewing and revoking certs
The Issued certs section shows all certificates that you have issued and their status. If a certificate is not revoked, you may download it by clicking on its subject in the first column.
If you want to make a certificate invalid for use (or generate a new certificate with the same subject), you will need to use the Revoke option alongside the certificate.
Signing certificates from requests generated elsewhere
If you have a Certificate Signing Request (CSR) generated on another machine (e.g. Windows or an internal web-server), you may use the Sign certificate section to upload the CSR. Once signed, the certificate can be downloaded from the Issued certs section.
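As an added example (not part of the original page or the product's own tooling), the CSR workflow above can be done with the openssl command line on the other machine: create the key and CSR, check the CSR before uploading it, then check the downloaded certificate against the downloaded CA cert. The host name app.mynetwork.internal, the file names and the function names are assumptions made for illustration, and -addext needs OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example: function names, file names and host names are hypothetical.

# Create a private key and a CSR for an internal host.
# The key stays on this machine; only the .csr file is uploaded for signing.
make_csr() {
    host="$1"; dir="$2"
    # umask 077 keeps the private key readable by its owner only
    ( umask 077; openssl genrsa -out "$dir/$host.key" 2048 2>/dev/null ) || return 1
    # Clients match the host name against subjectAltName, so request one
    openssl req -new -key "$dir/$host.key" -out "$dir/$host.csr" \
        -subj "/CN=$host" -addext "subjectAltName=DNS:$host"
}

# Before upload: the CSR's self-signature is intact and it names the host.
check_csr() {
    csr="$1"; host="$2"
    openssl req -in "$csr" -noout -verify 2>&1 | grep -q "verify OK" || return 1
    openssl req -in "$csr" -noout -text | grep -F -q "DNS:$host"
}

# After download from Issued certs: the certificate chains to the local CA
# cert and its public key is the one belonging to our private key.
check_issued() {
    ca="$1"; cert="$2"; key="$3"
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 || return 1
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$key" -pubout | openssl sha256)
    [ "$cert_pub" = "$key_pub" ]
}

# Usage (constructed names):
#   make_csr app.mynetwork.internal . && check_csr app.mynetwork.internal.csr app.mynetwork.internal
#   check_issued local-ca.pem app.mynetwork.internal.crt app.mynetwork.internal.key
```

A failed check_issued means either the device is being given the wrong CA cert or the certificate was issued for a different key than the one on this machine.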
A worked example of enabling LDAPS on your Active Directory domain controllers can be found here.