Updated on 2024-09-30 GMT+08:00

Updating a System Web Certificate

A web certificate for a bastion host is a Secure Sockets Layer (SSL) server digital certificate issued by a trusted root certificate authority (CA). The certificate is used to verify the website identity and secure connections.

A secure self-issued certificate is configured for each bastion host by default, but this certificate takes effect only within certain scope and period. You can replace it with your own certificate.

This topic describes how to update the system certificate if it expires or fails a security check.

Prerequisites

  • You have purchased and downloaded an SSL certificate.
  • The domain name the uploaded certificate is used for has been resolved to the EIP bound to the bastion host. For details, see Adding an A Record Set.
  • You have the management permissions for the System module.

Constraints

  • Currently, only the Java Keystore certificate file of Tomcat, that is, the certificate file in .jks is supported.
  • A certificate file cannot exceed 20 KB and must contain a certificate password.

    When you upload an SSL certificate, provide its password for verification, or the upload will fail.

Procedure

  1. Log in to your bastion host.
  2. Choose System > Sysconfig > Security.
  3. In the Web Certificate configuration area, click Edit.
  4. Upload the certificate file downloaded in your computer.
  5. After the certificate file is uploaded, enter the Keystore password to verify the certificate.
  6. Click OK. You can then check the web certificate configuration of the current system user on the Security tab.
  7. Restart the bastion host for the updated certificate to take effect.