Upload Your Certificates
There are two ways to upload your server certificate and private key for the Web UI on the appliance.
Generate a CSR and import the certificate
Import certificates and private key
Generate a CSR and Import the Certificate
To generate a CSR and import the certificate:
Access the appliance console using ssh.
Log in to the appliance using the
nsadmin/nsappliance
credentials. An nsshell opens.Enter
configure
to enter the nsshell configure mode.Generate CSR, copy the CSR from the CLI using the show command, and then use that to get a signed certificate.
run request certificate generate web-ui certificate-request city <city> common-name <common name for the certificate> country <two-letter country code> days <number of the days the certificate is valid for> email-address <email address> organization <name of the organization> organizational-unit <organizational-unit> state <state or province> show management-plane web-ui csr "-----BEGIN CERTIFICATE REQUEST----- MIICjjCCAXYCAQAwSTEiMCAGA1UEAwwZYWJoaS13ZWJ1aS5uZXRza29wZS5sb2NhbDj WJoaXJhbUBuZXRza29wZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB BMvNoB6lwGFkDeOD9Fz3UF3MmuhSh+klL1hcQ/WAoPsAaw4acvKk2Bxx99ncEKgUXR9 XWL65CqZKNf2WExThYIHb+mGKvUznIieVffYr6/7MarKO+eKVPTwyBFJhgRWDWIPnnF N0HAPuhUQpnE4vDJRviPChaRKiiBBji+lF2ZTkC8DZ4yzHdKW80U2h3IhVep1pxSG/0 Tce3ajz5tF2mObJCZq2QgX2XVJS56L77FTPJEGasEnD5XQ6Cb3njORbAgMBAAGgADAN EAHyGiplJeuS4GbYm4sb95xJ+sfRXDPMQWKQA1Vgt08i8Le/TyXoMDERYg9dnDkB3Au JoyqUGIcMIrBiun6+QEVueHaCaFxzvKcdR6Wd/1OFchrbfobzO6XtPXx6IYRj6N9cK6 cClvFRADaqp7MV/9lgNK1zNkFoEeSpEHb+7bIMddYBBYKRAAUYN3YmyUvQLwXqqkv88 tHXMFQ0kmrg25CoC3uPRrSL1X/S8gI1dLvaL9DbwThWYQuNQ9H0Tyow9r6NJnqAwQ== -----END CERTIFICATE REQUEST----- "
Enter this command:
set management-plane web-ui server-cert
.Copy and paste just your single PEM-formatted server certificate (no keys). Enter one or more lines of input. When done, press Ctrl-D.
To import CA certificates, enter this command:
set management-plane web-ui server-intermediate-ca-chain
.Copy and paste any additional PEM-formatted CA certificates to send with the server cert (no keys) using this command: The ordering should be from the lowest certificate in the chain to the root. Enter one or more lines of input. When done, press Ctrl-D.
Enter
save
to activate your changes.Enter
exit
to leave the configure mode.Enter
exit
to leave the nsshell and exit the appliance console.
Import Certificates and Private Key
To import certificates and private key:
Access the appliance console using ssh.
Log in to the appliance using the
nsadmin/nsappliance
credentials. An nsshell opens.Enter
configure
to enter the nsshell configure mode.Enter this command:
set management-plane web-ui server-cert
.Copy and paste just your single PEM-formatted server certificate (no keys). Enter one or more lines of input. When done, press Ctrl-D.
Enter this command:
set management-plane web-ui server-key
.Copy and paste just your single PEM-formatted server RSA private key (no certificates). Enter one or more lines of input. When done, press Ctrl-D.
To import CA certificates, enter this command:
set management-plane web-ui server-intermediate-ca-chain
.Copy and paste any additional PEM-formatted CA certificates to send with the server cert (no keys) using this command: The ordering should be from the lowest certificate in the chain to the root. Enter one or more lines of input. When done, press Ctrl-D.
Enter
save
to activate your changes.Enter
exit
to leave the configure mode.Enter
exit
to leave the nsshell and exit the appliance console.