Netskope Help

Upload Your Certificates

There are two ways to upload your server certificate and private key for the Web UI on the appliance.

  • Generate a CSR and import the certificate

  • Import certificates and private key

Generate a CSR and import the certificate

To generate a CSR and import the certificate:

  1. Access the appliance console using ssh.

  2. Log in to the appliance using the nsadmin/nsappliance credentials. An nsshell opens.

  3. Enter configure to enter the nsshell configure mode.

  4. Generate CSR, copy the CSR from the CLI using the show command, and then use that to get a signed certificate.

    run request certificate generate web-ui certificate-request 
    city <city>
    common-name <common name for the certificate> 
    country <two-letter country code>
    days <number of the days the certificate is valid for>
    email-address <email address> 
    organization <name of the organization>
    organizational-unit <organizational-unit>
    state <state or province>
    show management-plane web-ui csr
    "-----BEGIN CERTIFICATE REQUEST-----
    MIICjjCCAXYCAQAwSTEiMCAGA1UEAwwZYWJoaS13ZWJ1aS5uZXRza29wZS5sb2NhbDj
    WJoaXJhbUBuZXRza29wZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
    BMvNoB6lwGFkDeOD9Fz3UF3MmuhSh+klL1hcQ/WAoPsAaw4acvKk2Bxx99ncEKgUXR9
    XWL65CqZKNf2WExThYIHb+mGKvUznIieVffYr6/7MarKO+eKVPTwyBFJhgRWDWIPnnF
    N0HAPuhUQpnE4vDJRviPChaRKiiBBji+lF2ZTkC8DZ4yzHdKW80U2h3IhVep1pxSG/0
    Tce3ajz5tF2mObJCZq2QgX2XVJS56L77FTPJEGasEnD5XQ6Cb3njORbAgMBAAGgADAN
    EAHyGiplJeuS4GbYm4sb95xJ+sfRXDPMQWKQA1Vgt08i8Le/TyXoMDERYg9dnDkB3Au
    JoyqUGIcMIrBiun6+QEVueHaCaFxzvKcdR6Wd/1OFchrbfobzO6XtPXx6IYRj6N9cK6
    cClvFRADaqp7MV/9lgNK1zNkFoEeSpEHb+7bIMddYBBYKRAAUYN3YmyUvQLwXqqkv88
    tHXMFQ0kmrg25CoC3uPRrSL1X/S8gI1dLvaL9DbwThWYQuNQ9H0Tyow9r6NJnqAwQ==
    -----END CERTIFICATE REQUEST-----
    "
  5. Enter this command: set management-plane web-ui server-cert.

  6. Copy and paste just your single PEM-formatted server certificate (no keys). Enter one or more lines of input. When done, press Ctrl-D.

  7. To import CA certificates, enter this command: set management-plane web-ui server-intermediate-ca-chain.

  8. Copy and paste any additional PEM-formatted CA certificates to send with the server cert (no keys) using this command: The ordering should be from the lowest certificate in the chain to the root. Enter one or more lines of input. When done, press Ctrl-D.

  9. Enter save to activate your changes.

  10. Enter exit to leave the configure mode.

  11. Enter exit to leave the nsshell and exit the appliance console.

Import certificates and private key

To import certificates and private key:

  1. Access the appliance console using ssh.

  2. Log in to the appliance using the nsadmin/nsappliance credentials. An nsshell opens.

  3. Enter configure to enter the nsshell configure mode.

  4. Enter this command: set management-plane web-ui server-cert.

  5. Copy and paste just your single PEM-formatted server certificate (no keys). Enter one or more lines of input. When done, press Ctrl-D.

  6. Enter this command: set management-plane web-ui server-key.

  7. Copy and paste just your single PEM-formatted server RSA private key (no certificates). Enter one or more lines of input. When done, press Ctrl-D.

  8. To import CA certificates, enter this command: set management-plane web-ui server-intermediate-ca-chain.

  9. Copy and paste any additional PEM-formatted CA certificates to send with the server cert (no keys) using this command: The ordering should be from the lowest certificate in the chain to the root. Enter one or more lines of input. When done, press Ctrl-D.

  10. Enter save to activate your changes.

  11. Enter exit to leave the configure mode.

  12. Enter exit to leave the nsshell and exit the appliance console.