Upload Your Certificates
Upload Your Certificates
There are two ways to upload your server certificate and private key for the Web UI on the appliance.
- Generate a CSR and import the certificate
- Import certificates and private key
Generate a CSR and Import the Certificate
To generate a CSR and import the certificate:
- Access the appliance console using ssh.
- Log in to the appliance using the
nsadmin/nsappliance
credentials. An nsshell opens. - Enter
configure
to enter the nsshell configure mode. - Generate CSR, copy the CSR from the CLI using the show command, and then use that to get a signed certificate.
run request certificate generate web-ui certificate-request city <city> common-name <common name for the certificate> country <two-letter country code> days <number of the days the certificate is valid for> email-address <email address> organization <name of the organization> organizational-unit <organizational-unit> state <state or province> show management-plane web-ui csr "-----BEGIN CERTIFICATE REQUEST----- MIICjjCCAXYCAQAwSTEiMCAGA1UEAwwZYWJoaS13ZWJ1aS5uZXRza29wZS5sb2NhbDj WJoaXJhbUBuZXRza29wZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB BMvNoB6lwGFkDeOD9Fz3UF3MmuhSh+klL1hcQ/WAoPsAaw4acvKk2Bxx99ncEKgUXR9 XWL65CqZKNf2WExThYIHb+mGKvUznIieVffYr6/7MarKO+eKVPTwyBFJhgRWDWIPnnF N0HAPuhUQpnE4vDJRviPChaRKiiBBji+lF2ZTkC8DZ4yzHdKW80U2h3IhVep1pxSG/0 Tce3ajz5tF2mObJCZq2QgX2XVJS56L77FTPJEGasEnD5XQ6Cb3njORbAgMBAAGgADAN EAHyGiplJeuS4GbYm4sb95xJ+sfRXDPMQWKQA1Vgt08i8Le/TyXoMDERYg9dnDkB3Au JoyqUGIcMIrBiun6+QEVueHaCaFxzvKcdR6Wd/1OFchrbfobzO6XtPXx6IYRj6N9cK6 cClvFRADaqp7MV/9lgNK1zNkFoEeSpEHb+7bIMddYBBYKRAAUYN3YmyUvQLwXqqkv88 tHXMFQ0kmrg25CoC3uPRrSL1X/S8gI1dLvaL9DbwThWYQuNQ9H0Tyow9r6NJnqAwQ== -----END CERTIFICATE REQUEST----- "
- Enter this command:
set management-plane web-ui server-cert
. - Copy and paste just your single PEM-formatted server certificate (no keys). Enter one or more lines of input. When done, press Ctrl-D.
- To import CA certificates, enter this command:
set management-plane web-ui server-intermediate-ca-chain
. - Copy and paste any additional PEM-formatted CA certificates to send with the server cert (no keys) using this command: The ordering should be from the lowest certificate in the chain to the root. Enter one or more lines of input. When done, press Ctrl-D.
- Enter
save
to activate your changes. - Enter
exit
to leave the configure mode. - Enter
exit
to leave the nsshell and exit the appliance console.
Import Certificates and Private Key
To import certificates and private key:
- Access the appliance console using ssh.
- Log in to the appliance using the
nsadmin/nsappliance
credentials. An nsshell opens. - Enter
configure
to enter the nsshell configure mode. - Enter this command:
set management-plane web-ui server-cert
. - Copy and paste just your single PEM-formatted server certificate (no keys). Enter one or more lines of input. When done, press Ctrl-D.
- Enter this command:
set management-plane web-ui server-key
. - Copy and paste just your single PEM-formatted server RSA private key (no certificates). Enter one or more lines of input. When done, press Ctrl-D.
- To import CA certificates, enter this command:
set management-plane web-ui server-intermediate-ca-chain
. - Copy and paste any additional PEM-formatted CA certificates to send with the server cert (no keys) using this command: The ordering should be from the lowest certificate in the chain to the root. Enter one or more lines of input. When done, press Ctrl-D.
- Enter
save
to activate your changes. - Enter
exit
to leave the configure mode. - Enter
exit
to leave the nsshell and exit the appliance console.