Encrypting the data transmitted over the internet, using certificates, is crucial to the security of your application (and business) and should be a part of every public application. Sure, you can host the certificate on your web server, which is perfectly acceptable, however, it requires additional CPU cycles to encrypt/decrypt traffic and is an administrative nightmare when utilizing multiple servers in a farm. Allowing the AppDirector to offload SSL removes this overhead from your servers and gives the administrator a single pane of glass to manage all web certificates. Follow the below examples to create a new certificate, generate a CSR, or import an existing certificate:
Security –> Certificates –> Table
1. Name – This field should be a friendly name for your certificate – call it what you want but keep it descriptive to it’s purpose.
2. Key Size: Choose your key size: 2048.
3. Common Name: This field should match the exact URL of your application (ie. www.mywebsite.com)
4. Entry Type: To generate a CSR to upload to a public/private CA, choose Signing Request.
5. Key Passphase: Choose a complex password to secure the private key. Hint: You will need this password to export the private key if needed in the future or to export a CSR.
6. Other Fields: Fill out the pertinent information requested in the other fields related to your business.
*After you have all fields completed, click “Set”. This will generate your CSR that you will export using the following steps:
Security –> Certificates –> Export (You may also click yellow “Export PKI components” if you are on the Certificate Table page)
1. Name: Choose the name of the Signing Request (the name you used in step 1 above)
2. Type: Change to Signing Request
3. Passphrase: Password entered in step 5 above which secures the private key
*Click Show to see the CSR in the text box or Export to download a file containing the CSR. This will be the file/text that you will use for requesting a certificate from a public CA
Once you get the certificate back from the CA, you will need to Import it in the AppDirector. To do this, follow the below steps:
Security –> Certificates –> Import
1. Name: Use the exact name (case sensitive) that you used in Step 1 above. This must match or it will result in an error.
2. Type: Choose Certificate
3: Passphrase: Leave Blank – Passphrases protect the private key and not the certificate itself.
4. Text: Copy the certificate information here or click Browse to upload a file.
*Click Import. At this point, you should be able to see the new certificate in the certificate table.