Managing Certificates

The System | Administration | Certificates page provides a centralized location to manage CA certificates. From here, you can view, edit, or delete existing certificates and upload new certificates. You can also see where an existing certificate is currently in use in Stellar Cyber.

Your user profile must have Certificates privilege enabled in the System | Administration | Role-Based Access Control page to use this feature. Only the Super Admin and Platform Admin profiles have this privilege enabled by default.

The certificates you upload in the Certificates page can be applied to different Stellar Cyber components elsewhere in the user interface:

  • CA certificates are used to enable upgrades of Stellar Cyber sensors behind firewalls that use SSL inspection. Start by uploading the CA certificate(s) used for SSL inspection by a Tenant's firewall in the System | Administration | Certificates page. Then:

    • Add the certificate to the DP's certificate repository in the System | Administration | Settings page. Make sure you select the correct tenant when uploading the certificate.

    • Add the certificate to the Tenant's sensors in the System | Collection | Sensors page.

Stellar Cyber can parse chained certificates correctly.

Understanding the Certificates Page

The Certificates page lists each of the CA certificates you've uploaded to the system. You can click the Upload button to open a dialog box where you can upload a new certificate to the system.

Each certificate you've uploaded to the system is listed with the following information:

  • Name – The name you specified for the certificate when you uploaded it.

  • Tenant – The tenant to which the certificate is assigned:

    CA certificates must be associated with a specific tenant. In a multi-tenant environment, you can upload the CA certificates used for SSL inspection by different tenants' firewalls and assign them correspondingly in Stellar Cyber, enabling software upgrades for components behind firewalls that use SSL inspection.

  • Issuer – The issuing authority for the certificate, as read from the certificate itself.

  • Type – Certificate type is always CA.

  • Expiration Date – The date the certificate expires, as read from the certificate itself.

  • Domain – The domain(s) for which the certificate is valid, as read from the certificate itself.

  • In Use – Shows the number of places in Stellar Cyber in which the certificate is in use. You can hover your cursor over this entry to see a popup listing the places in Stellar Cyber where the certificate is in use, as illustrated below:

  • Action Buttons:

See the Tables page for more information on working with Tables, including the common Search, Export as CSV, Change Columns, and Refresh tools.

Uploading Certificates

Use the following procedure to upload a new certificate to Stellar Cyber:

  1. Navigate to the System | Administration | Certificates page and click the Upload button.

  2. Supply a Name for the certificate. The name you supply here is only used within Stellar Cyber to identify the certificate.

  3. Use the Choose File button in the Certificate field to browse to the location of the certificate you want to upload. The file you select must be a valid certificate in one of the following formats – .crt, .pem, .cer, .key, .p7b, .p7c, .der, .pfx, or .p12.

  4. Use the Tenant dropdown to select the tenant associated with this certificate.

    Select the specific tenant whose certificate you are uploading. The certificate should be the one used to perform SSL inspection on the tenant's firewall where the sensor is located. With this certificate added to Stellar Cyber and assigned in the Sensors page, Stellar Cyber software upgrades can work successfully in an environment where the firewall performs SSL inspection.

  5. Click Submit to upload the certificate to Stellar Cyber.

Stellar Cyber performs basic validation of the uploaded certificate to verify that it is a certificate. Once the key passes validation, Stellar Cyber adds it to the list in the Certificates page.
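Before uploading, you can check a chained PEM file locally for the same fields the Certificates page displays (issuer, expiration date, CA type). The following is an added example, not Stellar Cyber code and not a reproduction of its validation; it assumes the OpenSSL command-line tool and a PEM-format bundle, and the function names check_ca_bundle and make_sample_cert are hypothetical.

```shell
#!/bin/sh
# Added example: local pre-upload check of a PEM bundle of CA certificates.
# Returns 0 only if every certificate in the bundle is a CA certificate
# (basicConstraints CA:TRUE) and has not expired.
check_ca_bundle() {
    bundle=$1
    tmp=$(mktemp -d) || return 2
    # Split the chain into one file per certificate.
    awk -v d="$tmp" '/-----BEGIN CERTIFICATE-----/ { n++ }
                     n { print > (d "/cert" n ".pem") }' "$bundle"
    rc=0; count=0
    for c in "$tmp"/cert*.pem; do
        [ -e "$c" ] || break
        count=$((count + 1))
        # Fields the Certificates page reads from the certificate itself.
        openssl x509 -in "$c" -noout -subject -issuer -enddate
        if ! openssl x509 -in "$c" -noout -text | grep -q 'CA:TRUE'; then
            echo "  FAIL: not a CA certificate"; rc=1
        fi
        # -checkend 0 exits non-zero when the certificate is already expired.
        if ! openssl x509 -in "$c" -noout -checkend 0 >/dev/null; then
            echo "  FAIL: expired"; rc=1
        fi
    done
    rm -rf "$tmp"
    [ "$count" -gt 0 ] || { echo "FAIL: no PEM certificates found"; return 1; }
    return "$rc"
}

# Constructed sample input: writes a throwaway self-signed certificate to $1
# with common name $2 and basicConstraints CA:$3 (TRUE or FALSE).
make_sample_cert() {
    d=$(mktemp -d) || return 2
    cat > "$d/cfg" <<EOF
[req]
distinguished_name = dn
prompt = no
x509_extensions = ext
[dn]
CN = $2
[ext]
basicConstraints = critical,CA:$3
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -config "$d/cfg" -days 30 \
        -keyout "$d/key" -out "$1" 2>/dev/null
    status=$?
    rm -rf "$d"
    return "$status"
}
```

Run check_ca_bundle against the file exported from the tenant's firewall; a non-zero exit means at least one certificate in the chain is not a CA certificate or has expired.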

Next Steps

Once you've uploaded a certificate in the Certificates page, the next step is to apply it:

  • CA certificates are applied as follows:

    • Add the certificate to the DP's certificate repository in the System | Administration | Settings page.

    • Add the certificate to the Tenant's sensors in the System | Collection | Sensors page.

      The tenant specified during the upload of the CA certificate must match the tenant whose sensors you want to assign it to in the Sensors page.

Editing Certificates

You can edit a certificate in the System | Administration | Certificates page by clicking the button at the far right of its entry in the table. In response, the Edit Certificate window appears, allowing you to change the certificate's name, file, or tenant assignment.

Note that editing a certificate that is in use by the DP may result in a few minutes of system downtime while the changes are applied.

In addition, the Edit Certificate window provides high-level configuration information for the existing certificate, read from the certificate itself, as illustrated below:

Deleting Certificates

You can delete a certificate in the System | Administration | Certificates page by clicking the button at the far right of its entry in the table.

Note that you can only delete a certificate that is not in use. Refer to the In Use column and use the popup there to determine where a certificate is in use, as illustrated below. Once you've removed the certificate from use, you can delete it.