Skip to content
Docs

Manage SSL/TLS Certificates & CSRs in Mideye

Mideye Server 6.2.8 and forward provides enhanced Certificate Management with support for CSR generation with existing key.

Mideye Server uses certificates for connections to the Central system, LDAPS/TLS, and the WebGUI. During the initial installation, a self-signed certificate is generated for the WebGUI.

The WebGUI certificate or LDAPS CA certificates can be imported into the Mideye Server using the Certificate Management tool.

Certificate Management enables the management of:

  • LDAPS binding when using an encrypted connection to a configured LDAP server, such as Active Directory.
  • The certificate for the Mideye WebGUI.

To access Certificate Management, navigate to Server Settings → Certificate Management. An overview of all imported and fetched certificates will be displayed.

Overview of all certificates on the Mideye Server

Import a new certificate

Section titled “Import a new certificate”

To import a new certificate, click on “Actions…” and select the appropriate import method based on the certificate you need to import.

Actions menu showing Import LDAPS/CA Certificate, Import Web Admin KeyStore, Generate Web Admin CSR, and Import Web Admin CA Reply

The Actions menu provides four options:

OptionPurpose
Import LDAPS/CA CertificateImport a trusted CA or LDAPS certificate
Import Web Admin KeyStoreReplace the Web Admin certificate with a .p12/.pfx keystore
Generate Web Admin CSRGenerate a Certificate Signing Request using the existing private key
Import Web Admin CA ReplyImport the signed CA reply after submitting a CSR

Certificates for LDAPS and Trusted CA

Section titled “Certificates for LDAPS and Trusted CA”

When importing a new LDAPS or trusted CA certificate, ensure that the certificate is also present on the domain controller. Follow these steps to import the certificate:

  1. Select “Import LDAPS/CA Certificate.”
  2. Click “Choose File” and upload the desired file to the Mideye Server.
  3. Optionally, check “Enter alias for certificate” to provide a custom alias. If unchecked, the Common Name (CN) of the certificate is used as the alias.
  4. Click “Import.”
  5. The certificate will now appear in Certificate Management.
  6. Navigate to the LDAP profile and test the connection.

Certificate import for Web Admin

Section titled “Certificate import for Web Admin”
  1. Select “Import Web Admin KeyStore.”
  2. Click “Choose File” and upload the file to the Mideye Server.
  3. Enter the password for the certificate keystore file.
  4. If the private key entry has a different password, check the box and enter the secondary password.
  5. Click “Import.”
  6. The certificate will now appear in “Certificate Management.”
  7. Open a web browser, navigate to the Mideye Web GUI, and verify that the correct certificate is being used.

Importing a Certificate Using a CA Reply for Web Admin

Section titled “Importing a Certificate Using a CA Reply for Web Admin”

Available in Mideye Server 6.2.8 and later.

  1. Select “Generate Web Admin CSR” to create a CSR file from the Mideye Server. The CSR is signed using the existing private key with SHA256withRSA.
  2. Submit the CSR file to a trusted Certificate Authority (CA) for signing.
  3. Once the CA has signed the CSR, they will send back the CSR reply.
  4. Select “Import Web Admin CA Reply” from the Actions menu.
  5. Click “Choose File” and upload the CA reply file.
  6. Click “Import.” The imported CSR reply will replace the existing Web Admin Certificate.
  7. Navigate to the Certificate Management section on the Mideye Server to verify that the Web Admin Certificate has been updated.

Monitoring certificate expiry

Section titled “Monitoring certificate expiry”

The expiry dates of imported certificates are monitored in two ways:

  • Dashboard status badge — Certificates are shown as EXPIRING on the Web GUI dashboard starting 90 days before expiry.
  • Log file warnings — The server issues warnings in the log files with increasing frequency as expiry approaches:
Days until expiryLog warning frequency
10 daysEvery 60 minutes (8 AM – 6 PM)
7 daysEvery 30 minutes
3 daysEvery 10 minutes

Troubleshooting

Section titled “Troubleshooting”

Resolving the Wrong Certificate Issue in the Web Browser

Section titled “Resolving the Wrong Certificate Issue in the Web Browser”

User provided certificate alias is available in Mideye Server 6.0.2 and later.

If the incorrect certificate is being used in your web browser, follow these steps to select the correct certificate from the Mideye Server keystore:

  1. Log in to the Web GUI.
  2. Navigate to “Server Settings” → “Certificate Management.”
  3. Click on the desired certificate and take note of its “Alias.”
  4. Access the server where the Mideye Server is installed.
  5. Open the configuration file using a text editor at the appropriate path:
    • Windows: C:\Program Files (x86)\Mideye Server 6\config\application-prod.yml
    • Linux: /opt/mideyeserver6/config/application-prod.yml
  6. Add the “Alias” string from step 3 to the key-alias entry in the configuration file. For example, if the alias is webadmin and it ends with a 0 (e.g., webadmin0), remove the 0.
  7. Restart the Mideye Server service to apply the changes.

Example configuration file:

server:
  port: 8443
  ssl:
    key-store: C:\Program Files (x86)\Mideye Server 6\config\keystore.pfx
    key-store-password: "123456789"
    enabled: true
    key-alias: webadmin
  compression:
    enabled: true
    mime-types: text/html,text/xml,text/plain,text/css, application/javascript, application/json
    min-response-size: 1024