Updated on 2024-06-12 GMT+08:00

Updating a System Web Certificate

A web certificate in CBH is a Secure Sockets Layer (SSL) server digital certificate issued by a trusted root certificate authority (CA) and used to verify the website identity and security of the CBH system.

A secure self-issued certificate is configured for each CBH system by default, but this certificate takes effect only within certain scope and period. You can replace it with your own certificate.

This topic describes how to update the system certificate if it expires or fails a security check.

Prerequisites

  • You have purchased and downloaded an SSL certificate.
  • The domain name the uploaded certificate is used for has been resolved to the EIP bound to the CBH instance.
  • You have the management permissions for the System module.

Constraints

  • Currently, the CBH system supports only the Java Keystore certificate file of Tomcat, that is, the certificate file in .jks.
  • A certificate file cannot exceed 20 KB and must contain a certificate password.

    When you upload an SSL certificate, provide its password for verification, or the upload will fail.

Procedure

  1. Log in to the CBH system.
  2. Choose System > Sysconfig > Security.
  3. In the Web Certificate configuration area, click Edit.
  4. Upload the certificate file downloaded in your computer.
  5. After the certificate file is uploaded, enter the Keystore password to verify the certificate.
  6. Click OK. You can then check the web certificate configuration of the current system user on the Security tab.
  7. Restart the CBH system for the updated certificate to take effect.

    You can use either of the following methods to restart the CBH system:

    Figure 1 System web certificate information