CipherTrust Manager Web Interface Certificate Error

Reading time: 3 minutes

In this blog, we’ll discuss the issue faced while configuring the web interface on CipherTrust Manager.

Description

Let’s consider that we have a CipherTrust Manager and want to configure the web interface using an external CA-generated certificate. As per the procedure, we’ll have to generate a CSR (Certificate Signing Request), upload the root and intermediate CAs on CipherTrust Manager, and then assign the externally signed certificate to the web interface.

Cause

The primary reason for this error is that the certificated signed by the external CA for the web interface of CipherTrust Manager has yet to be in an active state.

Solution

Let’s assume we are configuring a web interface certificate for thales01.ec.com. To resolve this error, please follow the below-mentioned steps

1. Login to CipherTrust Manager. From the dashboard, click on CSR Tool under CA.

   

2. Click on + Create CSR and enter all the required information.

   

3. After verifying the information, click on Create.

4. Save the private key as well as the CSR.

   

5. Send the CSR to the signing authority to create the signed certificate.

   Note: The preferred certificate format is PEM.

6. Now, upload the Root and Intermediate CA Certificates. From the Dashboard, click External under the CA section.

   

7. Click on + Add External CA.

   

8. Enter the Display name and paste the Root CA certificate in the box. Click on Save.

   

9. Perform similar steps for adding intermediate/issuing CA.

10. Navigate to interfaces under admin settings.

    

11. Click on the … (3 dots) for web and select Edit.

    

12. Select “Turn off auto generation from Local CA” for Local CA for Automatic Server Certificate Generation.

    

13. Add the Root CA and the Intermediate CA to the External Trusted CAs list.

    

14. Click on the arrow and expand the Upload Certificate option. Paste the entire certificate chain into the box.
15. Select PEM on Format.
16. Enter the Private Key Password (if required) created during the process of CSR generation.
17. Click on Upload New Certificate. We have now successfully assigned an externally signed certificate to the web interface.
18. Navigate to services under Admin settings.

19. Click on System Restart

    

20. Once the services have been restarted, try to access the GUI of CipherTrust Manager by entering the hostname in the browser. If the error below appears, wait approximately 20-30 minutes for the certificate to get active and then refresh the page.