About this task

As of InfiniMetrics release 4.2, all HTTP communications will be redirected to HTTPS. InfiniMetrics uses a self-signed certificate by default.

This task allows the customer to secure the communication to InfiniMetrics using either a customer-provided, or an externally-provided  SSL certificate. 

Before you begin

InfiniMetrics makes sure that the certificate meets the following criteria.

• The private key must not be password protected.
• The certificate part and private key part must be in PEM format:
  • .PEM = The PEM extension is used for different types of X.509v3 files which contain ASCII (Base64) data prefixed with a —– BEGIN … line.
• If the PEM file contains more than one public certificate, then the first one on the file must be the one that matches the private key of the certificate (as this is the one that matches the InfiniMetrics server FQDN).

InfiniMetrics does not validate:

• The certificate trust chain

If you are unable to access an unauthorized website

If corporate policy prevents you from accessing an unauthorized website, see the section: Installing the certificate without accessing an unauthorized website.

Terminology

• Certificate - A file that allows a client to validate the identity of the server it is communicating with using information from a 3^_rd party CA.
  Each certificate is signed by another certificate, creating a chain up to a parent that both sides can trust. 
• SSL Certificate - a certificate used to verify HTTPS servers.

Importing a certificate to InfiniMetrics

1. Access InfiniMetrics release 4.2 or above.
   1. As you do not have an SSL certificate yet, the message on the browser says that the connection is not private.
   2. Proceed to the InfiniMetrics GUI. Your browser may require additional confirmations to continue.
2. Click the Action menu and then click on Certificate Settings. 
   
   The SSL Certificate Settings screen opens.
3. Upload the certificate file from your computer and click Save.
   
   InfiniMetrics validates the certificate and starts using it. The validity of the certificate is indicated on the screen as follows:

   • Issue date 

     • Red -  if the current date is earlier than issue date.

       • InfiniMetrics calculates the exact date and time and displays only the date.

     • Green - if the current date is same or after the issue date.

   • Valid until date 

     • Red - if the current date is after the valid until date.

     • Yellow - if there are less than 30 days until the certificate expiration date.

     • Green - otherwise.

Installing the certificate without accessing an unauthorized website

If you cannot access the InfiniMetrics website, you can select from the following options:

• Download the initial, self-signed, certificate and add it to the trusted-root certificate list on your computer. Then enter the website and change the certificate.
• SSH into the InfiniMetrics server:

  • Copy the PEM file to the server using: 

    scp <pem_file>.pem root @<remotehost>:/etc/ssl/private/custom-pem

     If a different value has not been set for the password, the root password is nfinidat1.

  • Verify the PEM file validity and nginx configuration:

    nginx -t

  • SSH into the same server and reload lighttpd and nginx server, or reboot the server: 

    service nginx reload
    service lighttpd reload

  • Verify that the InfiniMetrics GUI remains accessible.
  • Go to Certificate Settings, and verify that the certificate is loaded and is used.

Configuration of certificate formats other than PEM is beyond the scope of InfiniMetrics documentation.