Updated on 2024-10-12 GMT+08:00

Managing Certificates

A tenant administrator can import certificates for management purposes.

Prerequisites

You have obtained the certificate file and certificate information.

The obtaining methods include:

  • CLI
  1. Run the following command on a Windows 10 or Linux host:

    echo -n | openssl s_client -connect IP:PORT 2>&1 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > yourcert.pem

    For example, run the following command to obtain the Huawei email server certificate:

    echo -n | openssl s_client -starttls smtp -connect smtp.huawei.com:587 2>&1| sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > smtp.pem

    Alternatively, run the following command:

    echo -n | openssl s_client -connect popscn06.huawei.com:995 2>&1| sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > pop.pem

    Certificate files in other formats (such as .jks, .cer, and .crt) can be converted.

  • Browser
  1. Enter the address in the browser address bar, and then click View site information in front of the address to obtain the certificate file.

    The following takes obtaining the Huawei email server certificate as an example:

    1. Open a browser, enter https://dggpro-b.paas.huawei.com/cloudauth/?redirect=https%3A%2F%2Fcn02%2Eemail%2Ehuawei%2Ecom%3A%2Fowa in the address box, and log in to the mailbox using a domain account.
    2. After login, click View site information in front of the address, and then click Certificate (Valid).

    3. Click the Certification Path tab, select the root certificate, and click View Certificate.

      All branch sites of a website can use the root certificate in the certificate chain for authentication. Therefore, the root certificate is recommended to reduce the certificate maintenance workload.

    4. In the dialog box that is displayed, click the Details tab, click Copy to File, and click Next. (You can also click the Certification Path tab to export the root certificate or level-2 certificate. The export method is similar.)

    5. Select a certificate format and click Next.

    6. Enter the name of the certificate file to be exported and click Next.

    7. Click Finish to generate a certificate file. The file name is the complete path of the certificate file.
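
A file captured with the openssl s_client | sed pipeline above can be empty if the connection failed, and a certificate fetched over the network should be compared against a fingerprint obtained through another channel before it is imported. The following script is an added example, not part of the original page or the product: the function names, the 30-day default threshold and the constructed self-signed sample certificate are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: sanity-check a PEM file captured with the s_client | sed pipeline.
# Function names, the 30-day default and the sample certificate are illustrative.

# Number of certificate blocks in FILE (0 means the connection or capture failed).
count_certs() {
    grep -c -e '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null || :
}

# Succeeds when subject and issuer are identical, as on a root certificate.
is_self_issued() {
    [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
      "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

# Succeeds when the first certificate in FILE is still valid DAYS days from now.
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Full check: prints identity details, returns non-zero on an empty or expiring file.
check_captured_cert() {
    file=$1 min_days=${2:-30}
    n=$(count_certs "$file")
    if [ "${n:-0}" -eq 0 ]; then
        echo "FAIL: no certificate in $file" >&2; return 1
    fi
    if [ "$n" -gt 1 ]; then echo "NOTE: $n certificates; checking the first" >&2; fi
    # Compare the fingerprint with one supplied by the server owner out of band.
    openssl x509 -in "$file" -noout -subject -issuer -enddate -fingerprint -sha256
    if is_self_issued "$file"; then echo "type: self-issued (root)"
    else echo "type: leaf or intermediate"; fi
    if ! valid_for_days "$file" "$min_days"; then
        echo "FAIL: expires within $min_days days" >&2; return 1
    fi
}

# Constructed sample input: a throwaway self-signed certificate valid for 10 days.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 10 \
        -subj "/CN=constructed.example" -keyout "$1.key" -out "$1" 2>/dev/null
}

demo_dir=$(mktemp -d)
make_sample_cert "$demo_dir/sample.pem"
check_captured_cert "$demo_dir/sample.pem" 5
```

For a real capture, call check_captured_cert yourcert.pem; the pipeline writes only the lines that sed matched, so an empty file usually means the s_client connection itself failed.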

Procedure

  1. Sign in to AICC as a tenant administrator and choose Configuration Center > System Management > Certificate.
  2. Click New. The Adding a Certificate dialog box is displayed.

    Figure 1 Adding a Certificate

    Table 1 Parameters for adding a certificate

    | Parameter | Description |
    |---|---|
    | Certificate Name | Enter a customized certificate name. The value can contain a maximum of 64 characters. |
    | Certificate Description | Enter a customized certificate description. The value can contain a maximum of 256 characters. |
    | Certificate Type | Select a certificate type that is supported by the system: JKS, DER, PKCS12, or PEM. NOTE: The encryption algorithm used by a certificate in PKCS12 format is insecure and has security risks. You are advised to add a certificate in another format, such as JKS. |
    | Certificate Password | Enter a certificate password. The value can contain a maximum of 256 characters. |
    | Certificate File | Select a local certificate file. |
    | CRL File | Select a local CRL file. |

  3. Click Save. The certificate is uploaded successfully and takes effect 10 minutes later.

Follow-up Procedure

After the certificate is uploaded successfully, you can perform the following operations:

  • Click Edit in the Operation column to update the certificate.
  • Click Discard in the Operation column to discard the certificate.
  • Click Reuse in the Operation column to reuse a discarded certificate.