A Synergis™ Cloud
Link comes with an X.509 certificate that
was generated during production. Replace the default certificate to enhance security by
generating a new self-signed certificate.
What you should know
The Synergis™ Cloud
Link unit comes
with an ECDSA certificate by default. When you try to enroll a new Synergis™ Cloud
Link unit on a system running an operating system
that lacks support for ECDSA, the enrollment fails because no compatible cipher is
available.If the enrollment fails, upgrade your
operating system to one that supports ECDSA or generate a new RSA certificate on the
unit and then try enrolling the unit again.
Procedure
-
Log on to the Synergis™ unit.
-
Click .
-
In the Certificate
management section, complete the identification fields.
The Common name
field contains the unit's hostname by default. The Subject
alternative name field also contains the hostname by
default, but can be edited to a comma-separated DNS list.NOTE: The Common
name, Subject alternative name, and
Country fields are mandatory.
-
From the Certificate type list, select one of the
following algorithms and key lengths:
- ECDSA 256 bits
- ECDSA 384 bits
- RSA 2048 bits
- RSA 3072 bits
- RSA 4096 bits
-
Click
Generate new self-signed certificate, and then
restart your browser and log back on to the unit.
The certificate is now generated on the unit.
-
Install the certificate in the browser's certificate store.
-
Click .
-
In the Current certificate section, click
Download.
-
In Windows, follow the instructions in the Certificate Import
Wizard to import the certificate to the Trusted Root
Certification Authorities folder using the Local
Machine option.
Install the certificate on all machines that connect to the updated
Synergis™ unit.
NOTE: The
certificate file will be labeled with the hostname and a
.cer suffix.
-
Restart your browser and log back on to the unit.
Results
Your
unit no longer shows a security error in the address bar when connecting using
hostname.
After you finish
If
the unit was already enrolled in Security Center, the Access Manager will not
trust the new certificate or connect to the unit, and you must reset the trusted
certificate in Config
Tool.For more information, see Resetting the trusted certificate.