HTTPS Keystore (uigwt0009m000)
Use this page to configure the keystore for secure communication (HTTPS) between the browser and the web server. The keystore contains a public/private key pair and an SSL certificate.
By default, this page is read-only. You can edit the fields under Subject Details and Certificate Extensions by clicking .
When you save changes you made on this page, the keystore is generated with a new self-signed key pair using the specified values. If the keystore already exists, the existing key pair is overwritten by the new key pair.
This table shows the fields on the page:
| Field Group | Field | Description |
|---|---|---|
| Keystore Details | Keystore File Path | The location of the HTTPS keystore on the UI server. |
| Certificate issued by | The identity of the certificate authority that supplies the keystore’s SSL certificate. | |
| Certificate origin | Indicates whether the keystore has a self-signed SSL certificate or an SSL certificate that was supplied by a certificate authority. | |
| Subject Details | Subject Common Name (CN) | The hostname to which the SSL certificate
applies. Default: the Fully Qualified Domain Name of the UI server. |
| Organizational Unit (OU) | The organization branch. | |
| Organization (O) | The legally registered organization name. | |
| Locality or City (L) | The full name of the city. | |
| State or Province (S) | The full name of the state. | |
| Country (C) | The two-letter ISO code of the country. | |
| Created | The start date of the certificate validity. This field is read-only. | |
| Valid Until | The end date of the certificate validity. This field is read-only. | |
| Certificate Extensions | Subject Alternative Name (SAN) | The first Subject Alternative Name value
that identifies the hostname of the provided SSL certificate. This value is
always present to provide optimal compatibility with browsers. This field is read-only. |
| Additional SAN(s) | Optionally, specify additional Subject Alternative Names to identify the hostname of the provided SSL certificate. |
This table shows the toolbar buttons:
| Field or Button | Description |
|---|---|
| Edit | Click this button to edit the fields under Subject Details and Certificate Extensions. See the previous table. |
| GENERATE CSR | Creates the Certificate Signing Request (CSR) for the CA. |
| IMPORT CA REPLY | Click this button to update the Tomcat HTTPS keystore with the Reply
received from the CA. The file must be in Base64 (PEM) encoding and contain a
certificate chain or a PKCS#7 container. A dialog box, where you must select the file to upload, is displayed. To start the upload, click . |
| IMPORT TRUSTED CERTIFICATE | Click this button to update the Tomcat HTTPS keystore with
the trusted certificate received from the CA. The file must be in Base-64
encoded X.509 format (.cer). A dialog box, where you must select the file to upload, is displayed. To start the upload, click . |