This allows you to manage the server certificates provided by the Search Appliance when serving pages via HTTPS. The admin interface, including Webmin, and search will use the same certificate. By default the Search Appliance has a self-signed certificate. If you have multiple hosts you may need to regenerate the self-signed certificate before your browser will allow you to access the second host using HTTPS. If you want to use HTTPS for searches you'll want to obtain a secure certificate from a trusted authority so that end users don't get warnings in their browser.
If you're familiar with requesting and obtaining/creating secure certificates
and have a key and certificate pair ready to install you can use the
Enter a premade Private Key/Certificate pair
option at the top of
the Manage SSL/HTTPS Server Certificates
page. You will be
presented with 3 large input boxes where you can paste in your Private key,
Certificate, and an optional Intermediate Certificate that may be
provided by your certificate authority.
You can generate a self-signed certificate or a CSR that can be provided
to a certificate authority to request a secure certificate by filling in
the boxes on the Manage SSL/HTTPS Server Certificates
page. If you
just want a self-signed certificate to use for encryption but don't care
about authoritativeness you can check Self sign
and enter the number
of days you want the certificate to be good for then click
the Install Certificate
button. If you selected Self sign
then you're finished. Otherwise click the Generate CSR
button
to generate the CSR.
When generating a CSR you will be presented with a block of text
beginning with -----BEGIN CERTIFICATE REQUEST-----
and ending
with -----END CERTIFICATE REQUEST-----
. You need to send everything
between, and including, those lines to your certificate authority.
The certificate authority may ask what type of server you're using or
what format of certificate you need. Tell them you need an Apache
compatible certificate.
After the certificate authority has confirmed your CSR they will provide
a similar but different block of text bracketed with
-----BEGIN CERTIFICATE-----
and -----END CERTIFICATE-----
.
Paste that entire block, including the BEGIN and END lines, into the
New Certificate
box. They may also provide an "Intermediate
Certificate" that you would need to paste into the
New Intermediate Certificate
box. If they don't provide an
Intermediate certificate leave the New Intermediate Certificate
box empty.
Once you generate a CSR the certificate management page will only present the option of installing the new certificate(s) from that CSR. If you need to regenerate the CSR or want to abandon the old CSR for any reason click the `Cancel CSR` button on the certificate form.
You can click Download Pending Key
to download the private key
of the pending CSR, although this is unnecessary when signing a CSR. This can
be used if you want to cancel the CSR, but still have the private key around
in case you do actually sign that CSR later, and want to upload it as a pre-made
cert and key.
If you have set the Search Appliance to require HTTPS admin and manage to
install a certificate that you can't use or somehow prevents HTTPS access
you can re-enable HTTP admin by going to the physical console of the Search Appliance
and selecting the drop Admin restrictions (HTTPS,IP,Cipher requirements)
option.