Import HTTPS Certificates
When your external data sources or targets require secure HTTPS/TLS communication, you may need to import their corresponding certificates into NetFlow Optimizer's trust store. This procedure ensures NFO can establish secure and trusted connections.
NetFlow Optimizer strictly accepts TLS certificates where the subjectAlternativeName (SAN) field contains a DNS name or an IP Address value that correctly matches the data source hostname or IP address.
When you generate certificate using openssl, make sure you specify the following parameter:
-addext "subjectAltName=DNS:example.com,IP:10.0.0.1"
Procedure
Follow these steps to import HTTPS certificates:
-
Obtain the Certificate Chain: You can download the certificate chain from your data source using a web browser or the openssl command-line tool:
openssl s_client -connect <ip-or-fqdn>:443
If using openssl, save the entire certificate chain (concatenate all sections from -----BEGIN CERTIFICATE----- to -----END CERTIFICATE----- for each certificate in the chain) to a single .pem or .crt file.
- Access Certificate Management in NFO:
Navigate to the External Data Feeder on the left bar.
Click "Manage HTTPS/SSL certificates" and upload an actual certificate (root CA or a full chain).
- Upload and Import the Certificate:
- Save Configuration Changes:
After importing the certificate, ensure you click the Save button to apply the new certificate configuration.