Certificate Management for LDAPS and Web GUI

Archived Documentation

This page documents Mideye Server version 5, which is no longer actively maintained. For current documentation, see Mideye Server v6.

Overview

Certificate Management handles SSL/TLS certificates for secure LDAPS connections to Active Directory and the Mideye Web GUI.

Certificate types:

• LDAPS certificates — Encrypt connections to LDAP directories
• Web GUI certificates — Secure the administrative web interface

---

Certificate Management allows management for:

• the LDAPS bind when using an encrypted connection to a configured LDAP-server such as Active Directory
• the certificate for the Mideye Web GUI.

To accessCertificate Management, navigate to “Configuration” → “Certificate Management”. An overview of all the imported and fetched certificates will be shown.

---

Import a new certificate

To import a new certificate, click “Import”. Then choose to import a certificate for LDAPs or Mideye Web GUI.

Certificate for LDAPs

Note

Allowed certificate formats for LDAPs are: cer, pem and crt.

When importing a new LDAPS certificate, make sure that the certificate is present on the actual domain controller as well. Then follow these steps to import the certificate:

1. Choose “Certificate for LDAPs”.
2. Click on “Choose File” and upload the file to the Mideye Server.
3. Click “Import”.
4. The certificate will now show up in the “Certificate Management”.
5. Go to the LDAP profile and test the connection.

Certificate for Mideye Web GUI

Note

Allowed certificate formats for Mideye Web GUI are: pfx and p12.

1. Choose “SSL/TLS certificate for Mideye Web Admin”
2. Click on “Choose File” and upload the file to the Mideye Server.
3. Enter the password for the certificate keystore file.
4. If the private key entry has a different password, check the box and enter the second password.
5. Click “Import”.
6. The certificate will now show up in the “Certificate Management”.
7. Use a web browser to go to the Mideye Web GUI and check in the browser that the correct certificate is being used.

---

Monitoring of certificate expiery

The expiry of imported certificates is monitored and presented in the dashboard of the Mideye Web GUI. The server also starts to issue warnings to the log files 10 days before imported certificates expire.

---

Troubleshooting

How do I get a .pfx file?

Read more in the Knowledge base on how to convert a CSR or .cer file into a .pfx file.

The wrong certificate is being used in the web browser

If the wrong certificate is being used in the web browser you might have to point to the right certificate in the Mideye Server keystore.

1. Log in to the Web GUI

2. Go to “Configuration” → “Certificate Management”.

3. Click on the certificate and note the certificates “Alias”.

4. Go to the server containing the Mideye Server.

5. Use a text editor and open the following file:

   Windows: C:\Program Files (x86)\Mideye Server 5\config\application-prod.yml Linux: /opt/mideyeserver/config/application-prod.yml

6. Add the “Alias” string from step 3 to the file, in this example the “Alias” is webadmin. If the “Alias” ends with a 0, like webadmin0, remove the 0.

server:
  port: 8443
  ssl:
    key-store: C:\Program Files (x86)\Mideye Server 5\config\keystore.pfx
    key-store-password: "123456789"
    enabled: true
    key-alias: webadmin
  compression:
    enabled: true
    mime-types: text/html,text/xml,text/plain,text/css, application/javascript, application/json
    min-response-size: 1024

It now points to the Alias that the new certificate is using.

---