Import the CA certificate
A CA (Certificate Authority) certificate is a digital document issued by a trusted third-party organization that validates the identity of websites, individuals, or devices. It enables encrypted HTTPS connections by signing SSL/TLS certificates, ensuring that data transmitted online is secure, authentic, and protected from impersonation.
Import the CA certificate
To enable secure HTTPS communication, import the CA certificate into your browser. This section provides information about how you can import the CA certificate into supported browsers and use custom certificates.
Pre-requisites
- Access to the UC host
- CA certificates available in
/opt/vconsole/uc/certs
Certificate trust requirement
Import the internal CA certificate to your browser’s trusted certificate store /opt/vconsole/uc/certs/ca.crt.
Browser configuration
You can configure your web browser settings such as security, privacy, appearance, and performance to tailor the browsing experience, enhance security, or manage resource usage. For information about configuring different browsers, see:
Configure the Google Chrome browser
To configure the Google chrome browser settings, do the following:
- Open the Google chrome browser.
- In the address bar, type
chrome://certificate-manager/. - Choose Local certificates.
- Click the Manage imported certificates from Windows icon.
- Click the Trusted Root Certification Authorities tab.
- Choose ca.crt and click Import.
- In the Import wizard, click Next.
- Click Browse and select the security certificate.
- Click Next.
- Choose Place all certificates in the following store.
- Click Browse. The Select certificate store dialog opens.
- Choose Trusted Root Certificate Authorities and click OK. Import the certificate only into Trusted Root Certification Authorities. Failure to import the CA certificate to the correct certificate store results in browser trust errors.
- Click Next.
- Click Finish. The CA certificate is successfully imported.
Configure the Microsoft Edge browser
To configure the Microsoft edge browser settings, do the following:
- Open the Microsoft edge browser.
- In the address bar, type
edge://certificate-manager/. - Choose Local certificates.
- Click the Manage imported certificates from Windows icon.
- Click the Trusted Root Certification Authorities tab.
- Choose ca.crt and click Import.
- In the Import wizard, click Next.
- Click Browse and select the security certificate.
- Click Next.
- Choose Place all certificates in the following store.
- Click Browse. The Select certificate store dialog opens.
- Choose Trusted Root Certificate Authorities and click OK. Import the certificate only into Trusted Root Certification Authorities. Failure to import the CA certificate to the correct certificate store results in browser trust errors.
- Click Next.
- Click Finish. The CA certificate is successfully imported.
Custom certificates
You can replace the default CA certificate with your own.
- Follow the same file naming convention as the internally generated CA certificate.
- Copy the certificate file to the directory
/opt/vconsole/uc/certs. - Restart the services after replacing the CA certificate.
./scripts/service.sh start
CA certificate example
/opt/vconsole/uc/certs
ca.crt
ca.key
bff.crt
bff.key
metadata.crt
metadata.key
sqlexec.crt
sqlexec.key
auth.crt
auth.key
ai.crt
ai.key
aiassist.crt
aiassist.key
unified-console-ui.crt
unified-console-ui.key
Note
- All services rely on the same internal CA certificate
ca.crt. - You need to establish browser trust only once per client machine.
- Generate the CA certificates through the command
generate-certs.sh. - Allow inbound traffic on ports 5450, 8433, and 8090 only if you install both MC and UC in the ec2 instance.