Help Center> Cloud Bastion Host> User Guide> Logging In to the CBH System> Login Security Management> Updating a System Web Certificate
View PDF

Updating a System Web Certificate

A web certificate in CBH is a Secure Sockets Layer (SSL) server digital certificate issued by a trusted root certificate authority (CA) and used to verify the website identity and security of the CBH system.

A secure self-issued certificate is configured for each CBH system by default, but this certificate takes effect only within certain scope and period. You can replace it with your own certificate.

This topic describes how to update the system certificate if it expires or fails a security check.

  • You can purchase certificates from SSL Certificate Manager (SCM). For details, see Getting Started. After you download an issued certificate, convert the certificate format to .jks.
  • When you upload an SSL certificate, provide its password for verification, or the upload will fail.
  • You can also purchase SSL certificates from other vendors, as long as they meet upload requirements.

Constraints

  • Currently, the CBH system supports only the Java Keystore certificate files (.jks) of Tomcat.
  • A certificate file cannot exceed 20 KB and must contain a certificate password.

Prerequisites

  • You have purchased and downloaded an SSL certificate.
  • You have the management permissions for the System module.

Procedure

  1. Log in to the CBH system.
  2. Choose System > Sysconfig > Security.

    Figure 1 System security configuration

  3. In the Web Certificate configuration area, click Edit.
  4. In the displayed Web Certificate dialog box, upload your certificate file.
  5. After the certificate file is uploaded, enter the Keystore password to verify the certificate.

    Figure 2 Web Certificate

  6. Click OK. You can then check the web certificate configuration of the current system user on the Security tab.
  7. Restart the CBH system for the certificate to take effect.

    Figure 3 System web certificate information