About this task
As of InfiniMetrics release 4.2, all HTTP communications will be redirected to HTTPS. InfiniMetrics uses a self-signed certificate by default.
This task allows the customer to secure the communication to InfiniMetrics using either a customer-provided, or an externally-provided SSL certificate.
Before you begin
InfiniMetrics makes sure that the certificate meets the following criteria.
- The private key should not be password protected.
- The certificate part and private key part should be in PEM format:
- .PEM = The PEM extension is used for different types of X.509v3 files which contain ASCII (Base64) data prefixed with a —– BEGIN … line.
- If the PEM file contains more than one public certificate, then the first one on the file should be the one that matches the private key of the certificate (as this is the one that matches the InfiniMetrics server FQDN)
InfiniMetrics does not validate:
- The certificate trust-chain
In case you are unable to access an unauthorized website
In case corporate policy prevents you from accessing an unauthorized website, follow the relevant instructions at the bottom of this page.
Terminology
- Certificate - A file allowing a client to validate the identity of the server it is communicating with using information from a 3rd party CA
Each certificate is signed by another certificate, creating a chain up to a parent that both sides can trust. - SSL-Certificate - a certificate used to verify HTTPS servers.
Importing a certificate to InfiniMetrics
- Access InfiniMetrics release 4.2 and above.
- As you do not have an SSL certificate yet, the message on the browser says that the connection is not private.
- Proceed to the InfiniMetrics GUI Your browser may require additional confirmations to continue.
- Click the Action menu and then click on Certificate Settings.
The SSL Certificate Settings screen opens. - Upload the certificate file from your computer and click Save.
InfiniMetrics validates the certificate and starts using it. The validity of the certificate is indicated on the screen as follows:Issue date
Red - if the current date is earlier than issue date.
- InfiniMetrics calculates the exact date and time and displays only the date
Green - if the current date is same or after the issue date.
Valid until date
Red - if the current date is after the valid until date.
Yellow - if there are less than 30 days until the certificate expiration date.
Green - otherwise.
Installing the certificate without accessing an unauthorized website
In case you cannot access the InfiniMetrics website can select from the following options:
- Downloading the initial, self-signed, certificate and adding it to the trusted-root certificate list on your computer and then entering the website and changing the certificate.
- SSH into the InfiniMetrics server:
Copy the PEM file to the server using:
scp <pem_file>.pem root @<remotehost>:/etc/ssl/private/custom-pem
The root password is nfinidat1.
Verify the PEM file validity and nginx configuration:
nginx -t
SSH into the same server and reload
lighttpd
andnginx
server, or reboot the server:service nginx reload service lighttpd reload
- Verify that the Infinimetrics GUI remains accessible, and check that the certificate loaded and is used by visiting the Certificate Settings.
Further configuration of certificate formats other than PEM is beyond the scope of InfiniMetrics documnetation.
Comments