Certificates are used to secure communications between the Buttonwood Automate virtual appliance and other endpoints, such as cloud endpoints as well as administrator web clients.
This article describes the steps required to manage these certificates.
Prerequisites
- Administrative access to the Buttonwood Automate Admin UI
Managing the Appliance Certificate
The Buttonwood Automate virtual appliance is deployed with a self-signed certificate. The certificate can be regenerated, or replaced with a certificate which is signed by an enterprise or public certificate authority (CA).
Regenerate a Self-Signed Certificate
- Log in to the Admin UI
- Navigate to Broker Configuration
- Select the HTTPS Certificate tab
- Click Configure
- On the Settings screen, select the following
- Option: Auto generate a new certificate
- Option: Auto generate a new certificate
- Click Apply Changes
Note: Broker services will restart upon applying a new certificate
Importing a CA-signed Certificate
- Log in to the Admin UI
- Navigate to Broker Configuration
- Select the HTTPS Certificate tab
- Click Configure
- On the Settings screen, select and enter the following information
- Option: Upload custom certificate
- SSL Cert: Contents of the certificate, ensuring that the ---BEGIN CERTIFICATE--- and ---END CERTIFICATE--- delimiters are present
- SSL Key: Contents of the corresponding private key, ensuring that the ---BEGIN PRIVATE KEY--- and ---END PRIVATE KEY--- delimiters are present
- Click Apply Changes
Note: Services will restart upon applying a new certificate
Managing Certificate Trusts
The Broker may communicate with endpoints which are not signed using a certificate chain which isn't signed by a public certificate authority (CA).
This section details the steps required to manage certificate chains.
Adding Certificates
- Log in to the Admin UI
- Navigate to Certificates
- In the Add CA Certificate section, provide the following:
- Certificate Friendly Name: A name for the certificate chain
- Choose file: The certificate the import
Note: The certificate must be in X.509 format
Note: If a private key is required to be embedded in the certificate file, the private key portion must be at the top of the file - Click Add Certificate
- A message indicates the status of the request
Deleting Certificates
- Log in to the Admin UI
- Navigate to Certificates
- In the CA Certificates section, click Delete next to the certificate to be deleted
- A message indicates the status of the request