06-29-2022 11:20 AM - last edited on 09-21-2022 03:44 AM by Anusha_Vemula
How to Install a Certificate on SZ/vSZ?
System >> Certificates >> CSR >> Generate
Now, you will be able to see the same CSR in all nodes in the cluster
Browse and select the Server, Intermediate and Root certificates accordingly for the intended certificate
Alternatively, you may chain all the related certificates to a single file in .pem format and map the same against Server Certificate
Chaining order: Server, Intermediate and Root
Select the CSR associated with the certificate for private key
For a third party generated CSR, upload the private key along with the associated certificates
Note: The certificate formats supported are only PEM and CRT
Once the certificate is successfully uploaded, you can again crosscheck the certificate availability on each node in cluster
This will again be synced among the cluster nodes.
Please note that the certificate import would initiate a service restart on the web and subscriber management applications. You can verify the status of the services from SZ CLI:
>en
<enable password>
#show service
10-13-2022 10:33 AM
Very useful clarification, documentation isn't describing this important task in detail. I think it is important to mention that certificate should be a wildcard certificate, as the same certificate is used on all vSZ or SZ nodes in a cluster, so it must be valid for multiple FQDNs.
Therefore the cheapest certificate will not do -- except if you can use FQDN for one node as domain.com and for another -- www.domain.com , this will work as by default most certificates include both names. You can import simple one-domain certificate, but than you will be able connect securely to only one node, to the second node you'll need to connect only using IP and will be getting warning in a browser - modern browser don't allow connection by name to site with wrong certificate...
Services restart after certificate change can easy take 30 minutes, so don't be warried that you broke the system.
05-16-2024 12:21 AM
Do we have to make any DNS entries after uploading the public certificate which is going to be used for guest portal under AP Portal menu mapping?
05-16-2024 04:19 AM
Do we have to make any DNS entries after uploading the public certificate which is going to be used for guest portal under AP Portal menu mapping?