Help Center> Cloud Bastion Host> FAQs> User, Resource, and Policy Configuration in a CBH System> System Configuration> How Do I Update the Web Certificate of a CBH System?
View PDF

How Do I Update the Web Certificate of a CBH System?

A web certificate in CBH is a Secure Sockets Layer (SSL) server digital certificate issued by a trusted certificate authority (CA) and used to verify the website identity and security of a CBH system.

A CBH system is configured with a secure self-issued certificate by default. Due to the authentication protection scope and time limit of the self-issued certificate, you can replace the certificate with your own certificate. However, if your own certificate expires or its security scanning fails, you need to use the self-issued certificate to ensure the CBH system security.

Prerequisites

  • You have purchased an SSL certificate and downloaded the issued certificate.
  • Currently, the CBH system supports only the Java Keystore certificate file of Tomcat, that is, the certificate file in .jks.
  • The certificate file cannot exceed 20 KB in size, and the certificate file contains the certificate password.
    • You are advised to purchase certificates from SSL Certificate Manager (SCM). For details about how to apply for a certificate in SCM, see Getting Started. After downloading an issued certificate, convert the certificate format to .jks.
    • If the certificate password is not included, the uploaded certificate cannot be verified. The SSL certificate file cannot be uploaded to the CBH system.
    • You can also purchase an SSL certificate that meets the requirements from other vendors.

Procedure

  1. Log in to the CBH system.
  2. Choose System > Sysconfig > Security.
  3. In the Web Certificate configuration area, click Edit. The Web Certificate configuration window is displayed.

    Figure 1 Web Certificate configuration

  4. Upload the certificate file downloaded in your computer.
  5. After the certificate file is uploaded, enter the certificate password to verify the file.
  6. Click OK. You can then go to the Security configuration page and view the configured web certificate information.
  7. Restart the system for the certificate to take effect.

    Choose System > System Maintain > System Mgmt. In the System Tools area, click Restart for the newly uploaded certificate to take effect.

For more web security configuration operations, see System Configuration > Security Configuration.

Parent topic: System Configuration