Using self-signed certificates on the Synergis™ unit - Synergis™ Softwire 11.0

Synergis™ Appliance Configuration Guide 11.0
Applies to
Synergis™ Softwire 11.0
Last updated
2021-08-24
Content type
Guides > Administrator guides
Language
English
Product
Synergis™ Softwire
Version
11.0

A Synergis™ Cloud Link comes with an X.509 certificate that was generated during production. Replace the default certificate to enhance security by generating a new self-signed certificate.

What you should know

Starting in Synergis™ Softwire 10.7, the Synergis™ Cloud Link unit comes with an ECDSA certificate by default. When you try to enroll a new Synergis™ Cloud Link unit on a system running an operating system that lacks support for ECDSA, the enrollment fails because no compatible cipher is available.

If the enrollment fails, upgrade your operating system to one that supports ECDSA or generate a new RSA certificate on the unit and then try enrolling the unit again.

Procedure

  1. Log on to the Synergis™ unit.
  2. Click Configuration > Certificates.
  3. In the Certificate management section, complete the identification fields.
    The Common name field contains the Synergis™ unit's hostname by default. The Subject alternative name field also contains the hostname by default, but can be edited to a comma-separated DNS list.
    NOTE: The Common name, Subject alternative name, and Country fields are mandatory.
  4. From the Certificate type list, select ECDSA or RSA as the algorithm you want to use.
  5. Click Generate new self-signed certificate.
  6. Restart your browser and log back onto the Synergis™ unit.
    The certificate is now generated on the Synergis™ unit.
  7. Install the certificate it in the browser's certificate store:
    1. Click Configuration > Certificates.
  8. In the Current certificate section, click Download.
  9. In Windows, follow the instructions in the Certificate Import Wizard to import the certificate to the Trusted Root Certification Authorities folder using the Local Machine option.
    Install the certificate on all machines that connect to the updated Synergis™ unit.
    NOTE: The certificate file will be labeled with the hostname and a .cer suffix.
  10. Restart your browser and log back onto the Synergis™ unit.

Results

Your Synergis™ unit will no longer show a security error in the address bar when connecting using hostname.

After you finish

If the Synergis™ unit was already enrolled in Security Center, the Access Manager will not trust the new certificate or connect to the unit, and you must reset the trusted certificate in Config Tool.

For more information, see Resetting the trusted certificate.