Using an External Certificate Authority (CA)

If you are using an external certificate authority, you only have to connect to the VA from the source to import the certificate.

Prerequisites

  • The ability to use TLS 1.0 to 1.2

  • You have created at least one virtual appliance cluster

  • CA root and intermediate certificates are in the Java CA certificates keystore

  • The certificate is on the source

Perform the following:

  1. In the source, ensure that the following are true:

    • The hostname for the source matches the hostname in the virtual appliance's configuration.

    • The source is connected to the virtual appliance you configured to use TLS.

      Note
      If using Active Directory with IQService enabled, the Hostname cannot be an IP Address.

  2. Change the Port to 636.

  3. If available, enable the Use TLS option.

  4. Test the connection.

The source's certificate is auto-imported to the VA.

Replace an Expired Certificate Issued by an External CA

When your certificate has expired, you can replace it on the source and then reboot your VA.

Prerequisites

Complete the process as described in Adding the Certificate to the Virtual Appliance.

Perform the following:

  1. Add the new certificate on the source with a new name.

  2. Restart the Connector Gateway using the following command:

    sudo systemctl restart ccg

    The source's certificate is auto-imported to the VA.
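
The following is an added example, not part of the vendor documentation: a shell pre-flight check for the certificate the source presents, covering the hostname match required in step 1 of the first procedure, the IP-address note, and expiry ahead of a replacement. It assumes the `openssl` CLI is installed; `ldap.example.test`, `leaf.pem` and the function names are placeholders chosen for illustration.

```shell
#!/usr/bin/env bash
# Added example, not vendor code. Assumes the openssl CLI is installed.

# Save the leaf certificate the source presents on its TLS port (default 636).
fetch_cert() {  # usage: fetch_cert HOST [PORT] > leaf.pem
  openssl s_client -connect "$1:${2:-636}" -servername "$1" </dev/null 2>/dev/null |
    openssl x509 -outform PEM
}

# True (0) when the argument looks like an IPv4 or IPv6 literal, not a DNS name.
is_ip_literal() {
  case "$1" in
    *:*) return 0 ;;               # colons only appear in IPv6 literals
    ""|*[!0-9.]*) return 1 ;;      # empty, or has a non-digit/non-dot: a name
    *) return 0 ;;                 # digits and dots only
  esac
}

# check_source_cert HOST PEM_FILE [WARN_DAYS]
# Returns 0 when the certificate matches HOST and stays valid for WARN_DAYS
# more days (default 0 = not expired right now). Prints each failed check.
check_source_cert() {
  local host="$1" pem="$2" days="${3:-0}" rc=0
  if is_ip_literal "$host"; then
    echo "FAIL: '$host' is an IP address (not allowed with Active Directory and IQService)"; rc=1
  fi
  # -checkhost applies the SAN/CN matching a TLS client would perform.
  if ! openssl x509 -in "$pem" -noout -checkhost "$host" | grep -q 'does match'; then
    echo "FAIL: certificate does not match hostname '$host'"; rc=1
  fi
  # -checkend exits non-zero if the certificate expires within N seconds.
  if ! openssl x509 -in "$pem" -noout -checkend "$((days * 86400))" >/dev/null; then
    echo "FAIL: certificate expires within $days day(s):" \
         "$(openssl x509 -in "$pem" -noout -enddate)"; rc=1
  fi
  return "$rc"
}

# Typical use (placeholder host):
#   fetch_cert ldap.example.test > leaf.pem
#   check_source_cert ldap.example.test leaf.pem 30 && echo "OK to test connection"
```

Running the check with a warning window such as 30 days flags a certificate before it expires, so the replacement and the `ccg` restart can be scheduled rather than done after connections start failing.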