Certificate Management
Certificate Management provides a visual interface for inspecting and managing TLS/SSL certificates used by Mideye Server. This includes LDAP over TLS (LDAPs) certificates, web administration keystores, and certificate signing request (CSR) workflows.
Navigate to Server Settings → Certificate Management to access this page.
Page Layout
Section titled “Page Layout”The page is divided into two panels:
- Left panel — a hierarchical tree view of all certificates in the keystore.
- Right panel — detailed information about the currently selected certificate.
Certificate Tree
Section titled “Certificate Tree”Certificates are displayed in a hierarchy. Root certificates (self-signed or certificates whose issuer is not present in the keystore) appear at the top level. Certificates issued by a root certificate appear as children.
Status Icons
Section titled “Status Icons”Each node uses a color-coded icon reflecting its validity:
| Status | Key Entry Icon | Certificate Icon |
|---|---|---|
| Expired | Red key | Red alert |
| Expiring soon or untrusted | Orange key | Orange alert |
| Valid and trusted | Green key | Green checkmark |
Key entries (certificates that include a private key) display a key icon. Standalone certificates display a verification icon.
Certificate Details
Section titled “Certificate Details”When a certificate is selected in the tree, the right panel displays:
| Field | Description |
|---|---|
| Name | The alias of the certificate in the keystore. |
| Subject | The distinguished name of the certificate holder. |
| Issuer | The distinguished name of the issuing certificate authority. |
| Valid from | The start date of the certificate’s validity period. |
| Valid until | The end date of the certificate’s validity period. |
| SHA-1 fingerprint | The SHA-1 hash of the certificate, used for verification. |
Status alerts appear above the details:
- Certificate expired — error alert when the certificate has passed its validity period.
- Certificate expiring soon — warning alert when the certificate is nearing expiry.
- Certificate not trusted — warning alert when the certificate is not in the trust chain.
Import Operations
Section titled “Import Operations”The Settings menu on the left panel provides four import options (administrator only):
Import LDAPs Certificate
Section titled “Import LDAPs Certificate”Imports a certificate used for LDAP over TLS connections.
| Field | Description |
|---|---|
| Certificate file | Accepts .der, .cer, .pem, .crt formats. |
| Enter alias | Optional. When enabled, a text field appears for specifying a custom alias. |
Import Web Admin Keystore
Section titled “Import Web Admin Keystore”Imports a PKCS#12 keystore for the web administration interface.
| Field | Description |
|---|---|
| Keystore file | Accepts .p12, .pfx formats. |
| Keystore password | The password protecting the keystore file. |
Generate Web Admin CSR
Section titled “Generate Web Admin CSR”Generates a certificate signing request (CSR) for the web admin certificate on the server. The resulting file downloads as webadmin{timestamp}.csr, where the timestamp follows yyyyMMddHHmm format.
Import Web Admin CSR Reply
Section titled “Import Web Admin CSR Reply”Imports the signed certificate returned by the certificate authority in response to a previously generated CSR.
| Field | Description |
|---|---|
| Certificate file | Accepts .der, .cer, .pem, .crt formats. |
Export and Delete
Section titled “Export and Delete”When a certificate is selected, the Actions menu on the right panel provides:
- Export — downloads the certificate as a PEM-encoded
.pemfile. The filename is derived from the certificate name with spaces replaced by dashes. - Delete — removes the certificate from the keystore after confirmation. This action is not available for key chain certificates (certificates that include a private key chain).
Permissions
Section titled “Permissions”| Action | Required Role |
|---|---|
| View certificate list | Operator or above |
| Import, export, delete, or generate CSR | Administrator or above |