Certificates
Certificates in a CyberEdge are essential for both security and authentication. They enable the establishment of secure communication channels, like SSL/TLS, by encrypting data exchanged between the CyberEdge and connected devices, safeguarding sensitive information from unauthorized access. Additionally, certificates are used to verify the identity of devices, ensuring that only authenticated entities are granted access to network resources. They also play a role in HTTPS inspection, allowing the firewall to inspect encrypted traffic for potential threats while maintaining the integrity of secure connections. The CyberEdge supports the creation and management of certificates and allows users to provide their own custom certificates.
Certificate Management
The CyberEdge supports the creation and management of the following certificates:
- CA (Certificate Authority): A CA certificate is a digital certificate provided by a trusted authority that validates the authenticity of other certificates. It serves as a root of trust, enabling users and systems to verify that a certificate is genuine and that the certificate holder’s identity is legitimate. CA certificates are crucial for ensuring secure and trusted communications across networks.
- Server Certificate: A server certificate is a digital certificate used to authenticate the identity of a server and establish secure, encrypted communications with clients. It ensures that data exchanged between the server and clients is protected from unauthorized access, and is typically used in SSL/TLS protocols for secure web browsing and data transmission. The server certificate is issued by the CA (Certificate Authority).
- Client Certificate: A client certificate is a digital certificate used to authenticate the identity of a device to a server. It allows the server to verify that the client is legitimate, enabling secure, encrypted communication and access to protected resources. Client certificates are commonly used in mutual authentication scenarios, where both the client and server verify each other's identities. The client certificate is issued by the CA (Certificate Authority).
After the certificate chains are created, they will be referenced and used throughout the CyberEdge as required.
Info
Monitoring certificate expiry dates is crucial to prevent service disruptions caused by expired certificates. The CyberEdge automatically sends email notifications to the configured system administrator when certificates are nearing expiration. When new certificates are generated, the administrator must update the corresponding configurations within the CyberEdge.
Uploading Custom Certificates
Custom certificates can be used instead of CyberEdge-generated certificates if needed. The following details outline the certificate requirements supported by CyberEdge. Please note that CyberEdge does not provide technical support for troubleshooting customer-supplied certificates.
Before uploading a certificate, the following prerequisites must be met:
- The certificate must be in PEM format. Most certificate providers offer an option to download certificates in PEM format. If not, tools like OpenSSL can be used to convert the certificate file to the required format.
- The certificate must contain both the public and private key.
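One way to check both prerequisites before uploading, as an added example that is not part of the CyberEdge documentation. The function name `check_pem_bundle`, its return codes and the 30-day expiry window are assumptions, and the private key is assumed not to be passphrase-protected.

```shell
#!/bin/sh
# Added example: pre-upload check for a PEM bundle (certificate + private key).
# To convert a DER-encoded certificate first:
#   openssl x509 -inform DER -in cert.der -out cert.pem
# Return codes (assumed for this example):
#   0 ok                       1 no PEM certificate block
#   2 no PEM private key block 3 key does not match certificate
#   4 certificate expires within EXPIRY_DAYS

EXPIRY_DAYS=30   # assumed warning window

check_pem_bundle() {
    bundle=$1

    # PEM is base64 text between BEGIN/END markers; a DER file has none.
    grep -q -e '-----BEGIN CERTIFICATE-----' "$bundle" || return 1

    # Covers "PRIVATE KEY", "RSA PRIVATE KEY" and "EC PRIVATE KEY" headers.
    grep -q -e '-----BEGIN [A-Z ]*PRIVATE KEY-----' "$bundle" || return 2

    # The public key embedded in the certificate must equal the public key
    # derived from the private key (assumes the key is not passphrase-protected).
    cert_pub=$(openssl x509 -in "$bundle" -noout -pubkey 2>/dev/null) || return 3
    key_pub=$(openssl pkey -in "$bundle" -pubout 2>/dev/null) || return 3
    [ -n "$cert_pub" ] || return 3
    [ "$cert_pub" = "$key_pub" ] || return 3

    # -checkend exits non-zero if the certificate expires within N seconds.
    openssl x509 -in "$bundle" -noout \
        -checkend $((EXPIRY_DAYS * 24 * 3600)) >/dev/null 2>&1 || return 4
    return 0
}

# Usage: sh check_pem.sh bundle.pem
if [ "$#" -gt 0 ]; then
    check_pem_bundle "$1"
    rc=$?
    echo "check_pem_bundle $1: exit code $rc"
    exit "$rc"
fi
```

A return code of 3 is the case worth catching early: a bundle assembled from a certificate and the wrong key file has both PEM blocks present, so only the key comparison detects the mismatch.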
To upload a certificate, navigate to:
- System > Certificates > Choose file
- Select the certificate from your file system and click Open
- If successful, the certificate will be listed in the GUI and will advise if the private key was included.
- Click “Save changes ready to apply”
- Click “Applies all pending changes” > “Apply Changes”
The certificate will be referenced in the CyberEdge as required.
Tip
It's important to create clear and precise names when generating certificates to prevent confusion between different certificate types.
Deleting a Certificate
When certificates are no longer needed, they can be deleted from the CyberEdge. However, before deleting a certificate, it must first be dereferenced from any configuration where it is in use. This ensures that a certificate actively utilized by the CyberEdge is not accidentally removed, resulting in a broken configuration.
- System > Certificates
- Select the certificate and click "Delete". If you attempt to delete a certificate that is currently referenced in the configuration, an error message will appear, detailing where the certificate is being used. You must remove the certificate from these references before you can proceed with the deletion.
- If successful, the certificate will be deleted
- Click “Save changes ready to apply”
- Click “Applies all pending changes” > “Apply Changes”