Web Certificates in the IGEL UMS | IGEL Knowledge Base

Here, you can manage the certificates through the IGEL Universal Management Suite (UMS) for communication via the Web Port (default: 8443).

Menu path: UMS Administration > Global Configuration > Certificate Management > Web

Overview

The Web Port is used for the following tasks:

Device management and communication for devices with IGEL OS 12
Provide data for the endpoint devices (WebDAV etc.)
Provide data for other servers (High Availability; WebDAV etc.)
Provide data for the UMS Web App
Provide an entry point for IMI and WebStart

Use

UMS Web App: Providing the browser with the certificate; see Troubleshooting: Browser Displays a Security Warning (Certificate Error) when Opening the UMS Web App
If you need to use an alternative certificate chain instead of the pre-installed one, see How to Use Your Own Certificates for Communication over the Web Port (Default: 8443) in IGEL UMS

New root web certificates are deployed to IGEL OS 12 devices on reboot, see the section "If You Exchange a Root Web Certificate for IGEL OS 12 Devices" under How to Use Your Own Certificates for Communication over the Web Port (Default: 8443) in IGEL UMS.

Possible Actions

Open the dialog Change Automatic Renewal Setting to toggle automatic certificate renewal.

The private key of the parent certificate (root CA or intermediate CA) must be known. The renewed certificate is assigned to the servers automatically.

Possible options:

ACTIVATE automatic renewal: The end certificates in use will be renewed according to the number specified in Renew a used end certificate [number] days ahead of its expiration date.
DEACTIVATE automatic renewal: The end certificates will not be renewed automatically.

- Create a root certificate.

- Import a root CA certificate.

- Create a signed certificate from the CA certificate (root or intermediate) that is currently selected.

- Remove the selected certificate from the UMS. Only certificates that are not currently in use can be removed.

- Show the content of the selected certificate.

- Renew the selected certificate; the dialog Create signed certificate is opened.

All settings except the expiry date (Valid until) can be left unchanged. The public key of the parent certificate (root CA or intermediate CA) must be known. Also, the expiry date of the parent certificate must be later than the new expiry date for the end certificate.

- Import a signed certificate for which the currently selected certificate is a parent certificate (root CA or intermediate CA).

- Import the decrypted private key for the selected certificate.

The private key is encrypted again when saved into the UMS Database.

- Import a certificate chain from a keystore.

- Export the certificate and its child certificates as a certificate chain to a keystore.

- Assign the selected certificate to one or more servers. For more information, see How to Use Your Own Certificates for Communication over the Web Port (Default: 8443) in IGEL UMS.