Background
If you just installed the Cloud Connector for your own use to try it out, you can skip this step. But as soon as you use the Cloud Connector productively in your company, other colleagues would like to be sure that the Web address used for the Cloud Connector is valid. Now what is this all about?
Through the Cloud Connector you can generate an unsigned certificate that contains a public key which corresponds to a private key known only to the Cloud Connector. Public and private keys form a pair: each public key corresponds to exactly one private key. Anyone who has the public key can encrypt data that can only be decrypted by the holder of the private key. This way you can securely exchange data over the Internet (and Intranet).
Now there is a little snag: If you have a public key, how can you be sure to whom it belongs? If you can generate such a key pair, hackers can do so as well. And then they could give you their public key and claim that it belongs to your bank.
That’s when the certificate authority (CA) comes into play. CAs play a central role in public key infrastructures (PKI): they vouch that public key holders represent valid identities. Technically, the CA provides a digital signature for a public key to say: “Yes, this public key belongs to the Cloud Connector administration UI. Believe me. I checked it.” To document this, the CA creates a certificate that includes both the public key and the digital signature.
How to find out what certificate authority to use
Now in your specific case, you need to find out which certificate authority is usually used in the Intranet of your company and how certificates are issued. Here are some hints on how to find this out:
- Open a Web site of your Intranet in Internet Explorer.
- Click the padlock next to your browser’s address bar (depending on your browser it could be at the beginning or the end). Choose Certificate.
- The Certificate Information will show you the CA which issued the certificate.
Search in your Intranet for information about your certificate authority and how certificates are issued. If you cannot find any information, this is a matter for your Web admin team; ask them how to proceed.
Import a signed certificate to the Cloud Connector
After clarifying where you can get a certificate (sometimes referred to as Enrollment Service), you need to follow the process shown in the following graphic:
- Log on to the Cloud Connector Administration UI and choose Configuration in the menu. On the USER INTERFACE tab, UI Certificate section, choose Generate a certificate signing request. The information you need to provide in the following pop-up (for example, Common Name, Subject Alternative Name) is defined by your certificate authority. Choose Generate to save your request as a PEM file (PEM: Privacy Enhanced Mail).
- Open the PEM file in a text editor, and copy the contents to the enrollment service of your certificate authority to issue a certificate.
- The certificate authority issues a signed certificate that proves - together with a private key that is known to the Cloud Connector - that you are the owner of the Web site. Save this certificate in a local file.
- Return to the Cloud Connector Administration UI. Choose Configuration and then Import a certificate in the UI Certificate section on the USER INTERFACE tab. Import the file you saved in the last step.
- After a successful import, the certificate details are displayed in the UI Certificate section.
- Finally, choose Restart at the top of the Cloud Connector administration UI.
After the restart the certificate error should no longer appear.
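
Before the import step, you can confirm that the file returned by the CA really belongs to your signing request and was issued by the CA you expect. The following script is an added example, not part of the Cloud Connector or its documentation; it assumes the certificate is PEM-encoded and that `openssl` is installed, and all file names, the demo CA and the host name are constructed. The throwaway keys exist only so the demo runs stand-alone; in real use you pass your saved CSR, your CA's certificate and the issued certificate.

```bash
#!/usr/bin/env bash
# Added example: pre-import checks for a CA-signed UI certificate.

# Print the public key (PEM) embedded in a CSR ("req") or certificate ("x509").
pubkey_of() { openssl "$1" -in "$2" -noout -pubkey 2>/dev/null; }

# Succeeds only if the certificate carries the same public key as the CSR,
# i.e. it pairs with the private key that never left the Cloud Connector.
cert_matches_csr() {   # $1 = CSR file, $2 = certificate file
  csr_key=$(pubkey_of req "$1") && cert_key=$(pubkey_of x509 "$2") || return 2
  [ -n "$csr_key" ] && [ "$csr_key" = "$cert_key" ]
}

# Succeeds only if the certificate chains to the given CA certificate
# (this also fails for expired or not-yet-valid certificates).
issued_by() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

ready_to_import() {    # $1 = CSR, $2 = CA certificate, $3 = issued certificate
  cert_matches_csr "$1" "$3" || { echo "REJECT: public key differs from CSR"; return 1; }
  issued_by "$2" "$3"        || { echo "REJECT: not issued by the expected CA"; return 1; }
  echo "OK: $(openssl x509 -in "$3" -noout -subject -enddate | tr '\n' ' ')"
}

# Constructed demo material: a throwaway CA, a CSR signed by it, and an
# unrelated self-signed certificate that reuses the same subject name.
make_demo() {
  d=$1
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/ca.key" -out "$d/ca.pem" \
    -subj "/CN=Demo Intranet CA" -days 2 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -keyout "$d/scc.key" -out "$d/scc.csr" \
    -subj "/CN=scc.example.internal" 2>/dev/null
  openssl x509 -req -in "$d/scc.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -out "$d/scc.pem" -days 1 2>/dev/null
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/other.key" -out "$d/other.pem" \
    -subj "/CN=scc.example.internal" -days 1 2>/dev/null
}

DEMO_DIR=$(mktemp -d) && make_demo "$DEMO_DIR"
ready_to_import "$DEMO_DIR/scc.csr" "$DEMO_DIR/ca.pem" "$DEMO_DIR/scc.pem"
ready_to_import "$DEMO_DIR/scc.csr" "$DEMO_DIR/ca.pem" "$DEMO_DIR/other.pem" || true
```

The second call is rejected even though the subject name is identical, which is the situation the Background section describes: a name alone proves nothing without the matching key and the CA's signature.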