Insight powered by AppSense

SSL Certificates

Use the SSL Certificates area to upload and backup certificates and to generate certificate change requests.

In this section:

Upload
Backup
Generate

Upload

Certificates for both Private and Public CAs can be applied to the Insight appliance. Most major public CA root certificates are included in the Insight appliance and in client operating systems for the computers and devices that support the Insight client.

You must have the root certificate from your Private CA. If your CA is a subordinate CA you will require its certificate (intermediate/chain), any other subordinate CA certificates and the root certificate.

Insight uses 2048-bit RSA certificates in Base64 PEM format which must be installed in the following in order:

Root Certificate
Chain Certificate (Intermediate)

If your intermediate certificate is a bundle, each certificate in the chain must be added in reverse hierarchical order.
Standard Certificate (Web)

The entire certificate chain is required for a successful upload.

Apply a PKCS#12 Certificate to Insight

Select Settings > SSL Certificate > Upload.
Select PKCS#12 Certificate (.pfx or .p12).
Click BROWSE and select your certificate.
If the certificate uses password encryption, enter the appropriate password.
Click UPLOAD.

If successful, a message confirms that the certificate has uploaded. The web proxy service restarts and the uploaded certificate is applied.

Apply a Chain Certificate to Insight

Select Settings > SSL Certificate > Upload.
Select Certificate Chain.
Select Root from the Certificate Type drop-down.
Click BROWSE and select the root certificate for the chain.
Click UPLOAD.

If successful, a message confirms that the certificate has uploaded. The web proxy service restarts and the uploaded certificate is applied.
Repeat this process for your Intermediate and Server certificates.

Backup

Download the current PKCS #12 / PFX certificate containing your encrypted SSL certificate and your private keys from your Insight appliance. You can use this when configuring new installations of the appliance without having to repeat the process of configuring an SSL certificate.

This option is not available if you are using the original self-signed Insight certificate.

Select Settings > SSL Certificate > Backup.
If required, enter an encryption password.

Encryption passwords are optional and add an extra level of security. If you set a password during download, it must be entered to successfully upload your certificate.

Passwords are non-recoverable, so it is important that you remember the password or store it in a safe location.
Click DOWNLOAD and save the certificate.

Generate

The Insight Console generates CSRs for public and private certificate authorities. The certificates can then be uploaded and applied to the console.

Select Settings > SSL Certificate > Generate.
Select the Generate CSR Certificate type.

Click GET CSR to display the current signing request.

Complete the fields for your certificate.

Field	Description
Host Name	The host name of your server.
Organization Name	The name of the organization requesting the certificate.
Contact Email	The point of contact for the certificate request.
City	The full name of the city where the organization is located. Do not use codes or abbreviations.
State/Province	The full name of the state or province where the organization is located. Do not use abbreviations or codes.
Country	The country where the organization is located.
Point of Contact Email Address	An email address within your organization.

Click GENERATE.

A text box displays the certificate request data.
Copy the entire text including the lines containing BEGIN CERTIFICATE REQUEST and END CERTIFICATE REQUEST and save it as a TXT file.
Click OK to close.

The certificate request can be submitted to a public certification authority or you can request a certificate using a private certification authority.