About this task
As of InfiniMetrics release 4.2, all HTTP communications will be redirected to HTTPS. InfiniMetrics uses a self-signed certificate by default.
This task allows the customer to secure the communication to InfiniMetrics using either a customer-provided, or an externally-provided SSL certificate.
Before you begin
InfiniMetrics makes sure that the certificate meets the following criteria.
- The private key must not be password protected.
- The certificate part and private key part must be in PEM format:
- .PEM = The PEM extension is used for different types of X.509v3 files which contain ASCII (Base64) data prefixed with a —– BEGIN … line.
- If the PEM file contains more than one public certificate, then the first one on the file must be the one that matches the private key of the certificate (as this is the one that matches the InfiniMetrics server FQDN).
InfiniMetrics does not validate:
- The certificate trust chain
If you are unable to access an unauthorized website
If corporate policy prevents you from accessing an unauthorized website, see the section: Installing the certificate without accessing an unauthorized website.
- Certificate - A file that allows a client to validate the identity of the server it is communicating with using information from a 3rd party CA.
Each certificate is signed by another certificate, creating a chain up to a parent that both sides can trust.
- SSL Certificate - a certificate used to verify HTTPS servers.
Importing a certificate to InfiniMetrics
- Access InfiniMetrics release 4.2 or above.
- As you do not have an SSL certificate yet, the message on the browser says that the connection is not private.
- Proceed to the InfiniMetrics GUI. Your browser may require additional confirmations to continue.
- Click the Action menu and then click on Certificate Settings.
The SSL Certificate Settings screen opens.
- Upload the certificate file from your computer and click Save.
InfiniMetrics validates the certificate and starts using it. The validity of the certificate is indicated on the screen as follows:
Red - if the current date is earlier than issue date.
- InfiniMetrics calculates the exact date and time and displays only the date.
Green - if the current date is same or after the issue date.
Valid until date
Red - if the current date is after the valid until date.
Yellow - if there are less than 30 days until the certificate expiration date.
Green - otherwise.
Installing the certificate without accessing an unauthorized website
If you cannot access the InfiniMetrics website, you can select from the following options:
- Download the initial, self-signed, certificate and add it to the trusted-root certificate list on your computer. Then enter the website and change the certificate.
- SSH into the InfiniMetrics server:
Copy the PEM file to the server using:
If a different value has not been set for the password, the root password is nfinidat1.
Verify the PEM file validity and nginx configuration:
SSH into the same server and reload
nginxserver, or reboot the server:
- Verify that the InfiniMetrics GUI remains accessible.
- Go to Certificate Settings, and verify that the certificate is loaded and is used.
Configuration of certificate formats other than PEM is beyond the scope of InfiniMetrics documentation.