Managing an HTTPS certificate for secure access

Contributors netapp-bcammett

By default, BlueXP uses a self-signed certificate for HTTPS access to the web console. You can install a certificate signed by a certificate authority (CA), which provides better security protection than a self-signed certificate.

Before you get started

You need to create a Connector before you can change BlueXP settings. Learn how.

Installing an HTTPS certificate

Install a certificate signed by a CA for secure access.

Steps
  1. In the upper right of the BlueXP console, click the Settings icon, and select HTTPS Setup.

    A screenshot that shows the Settings icon in the upper right of the BlueXP console.

  2. In the HTTPS Setup page, install a certificate by generating a certificate signing request (CSR) or by installing your own CA-signed certificate:

    Option Description

    Generate a CSR

    1. Enter the host name or DNS of the Connector host (its Common Name), and then click Generate CSR.

      BlueXP displays a certificate signing request.

    2. Use the CSR to submit an SSL certificate request to a CA.

      The certificate must use the Privacy Enhanced Mail (PEM) Base-64 encoded X.509 format.

    3. Upload the certificate file and then click Install.

    Install your own CA-signed certificate

    1. Select Install CA-signed certificate.

    2. Load both the certificate file and the private key and then click Install.

      The certificate must use the Privacy Enhanced Mail (PEM) Base-64 encoded X.509 format.

Result

BlueXP now uses the CA-signed certificate to provide secure HTTPS access. The following image shows a BlueXP account that is configured for secure access:

Screen shot: Shows the HTTPS Setup page after you install a signed certificate. The page shows the certificate properties and an option to renew the certificate.

Renewing the BlueXP HTTPS certificate

You should renew the BlueXP HTTPS certificate before it expires to ensure secure access to the BlueXP console. If you don’t renew the certificate before it expires, a warning appears when users access the web console using HTTPS.

Steps
  1. In the upper right of the BlueXP console, click the Settings icon, and select HTTPS Setup.

    Details about the BlueXP certificate displays, including the expiration date.

  2. Click Change Certificate and follow the steps to generate a CSR or install your own CA-signed certificate.

Result

BlueXP uses the new CA-signed certificate to provide secure HTTPS access.