Follow

About this task

As of InfiniMetrics release 4.2, all HTTP communications will be redirected to HTTPS. InfiniMetrics uses an out-of-the-box, self-signed certificate.

This task allows the customer to secure the communication to InfiniMetrics using an SSL certificate. The certificate can be either self-signed or externally provided.

Before you begin

InfiniMetrics performs the following certificate validations:

  • The private key should not be password protected.
  • The certificate part and private key part should be in PEM format:
    • .PEM = The PEM extension is used for different types of X.509v3 files which contain ASCII (Base64) armored data prefixed with a —– BEGIN … line.
  • If the PEM file contains more than one public certificate, then the first one on the file should be the one that matches the private key of the certificate (as this is the one that matches the InfiniMetrics server FQDN)

InfiniMetrics does not validate:

  • The certificate trust-chain

In case you are unable to access an unauthorized website

In case corporate policy prevents you from accessing an unauthorized website, follow the relevant instructions at the bottom of this page

Terminology

  • Certificate - A file allowing a client to validate the identity of the server it is communicating with using information from a 3rd party CA
    Each certificate is signed by another certificate, creating a chain up to a parent that both sides can trust. 
  • SSL-Certificate - a certificate used to verify HTTPS servers.

Importing a certificate to InfiniMetrics

  1. Access InfiniMetrics release 4.2 and above.
    1. As you do not have an SSL certificate yet, the message on the browser says that the connection is not private.
    2. Click Advanced and then click Proceed to InfiniMetrics (unsafe). InfiniMetrics GUI is displayed on screen.
  2. Click the Action menu and then click on Certificate Settings

    The SSL Certificate Settings screen opens.
  3. Upload the certificate file from your computer and click Save.

    InfiniMetrics validates the certificate and starts using it. The validity of the certificate is indicated on the screen as follows:
    • Issue date 

      • Red  if the current date is earlier than issue date.

        • InfiniMetrics calculates the exact date and time and displays only the date
      • Green - if the current date is same or after the issue date.

    • Valid until date 

      • Redif the current date is after the valid until date.

      • Yellow - if there are less than 30 days until the certificate expiration date.

      • Green - otherwise.

Installing the certificate without accessing an unauthorized website

In case you cannot access the InfiniMetrics website can select from the following options:

  • Downloading the initial, self-signed, certificate and adding it to the trusted-root certificate list on your computer and then entering the website and changing the certificate.
  • SSH into the InfiniMetrics server:
    • Copy the PEM file to the server using

      scp <pem_file>.pem <root_user>@<remotehost>:/etc/ssl/private/custom-pem
    • SSH into the same server and reload lighttpd and nginx server, or reboot the server: 

      service nginx reload
      service lighttpd reload

Further configuration of certificate formats other than PEM is beyond the scope of InfiniMetrics documnetation.

Was this article helpful?
0 out of 0 found this helpful

0 out of 0 found this helpful

Comments