Skip to content

Certificate Management

Certificate Management provides a visual interface for inspecting and managing TLS/SSL certificates used by Mideye Server. This includes LDAP over TLS (LDAPs) certificates, web administration keystores, and certificate signing request (CSR) workflows.

Navigate to Server Settings → Certificate Management to access this page.

The page is divided into two panels:

  • Left panel — a hierarchical tree view of all certificates in the keystore.
  • Right panel — detailed information about the currently selected certificate.

Certificates are displayed in a hierarchy. Root certificates (self-signed or certificates whose issuer is not present in the keystore) appear at the top level. Certificates issued by a root certificate appear as children.

Each node uses a color-coded icon reflecting its validity:

| Status | Key Entry Icon | Certificate Icon | |--------|----------------|------------------| | Expired | Red key | Red alert | | Expiring soon or untrusted | Orange key | Orange alert | | Valid and trusted | Green key | Green checkmark |

Key entries (certificates that include a private key) display a key icon. Standalone certificates display a verification icon.

When a certificate is selected in the tree, the right panel displays:

| Field | Description | |-------|-------------| | Name | The alias of the certificate in the keystore. | | Subject | The distinguished name of the certificate holder. | | Issuer | The distinguished name of the issuing certificate authority. | | Valid from | The start date of the certificate's validity period. | | Valid until | The end date of the certificate's validity period. | | SHA-1 fingerprint | The SHA-1 hash of the certificate, used for verification. |

Status alerts appear above the details:

  • Certificate expired — error alert when the certificate has passed its validity period.
  • Certificate expiring soon — warning alert when the certificate is nearing expiry.
  • Certificate not trusted — warning alert when the certificate is not in the trust chain.

The Settings menu on the left panel provides four import options (administrator only):

Imports a certificate used for LDAP over TLS connections.

| Field | Description | |-------|-------------| | Certificate file | Accepts .der, .cer, .pem, .crt formats. | | Enter alias | Optional. When enabled, a text field appears for specifying a custom alias. |

Imports a PKCS#12 keystore for the web administration interface.

| Field | Description | |-------|-------------| | Keystore file | Accepts .p12, .pfx formats. | | Keystore password | The password protecting the keystore file. |

Generates a certificate signing request (CSR) for the web admin certificate on the server. The resulting file downloads as webadmin{timestamp}.csr, where the timestamp follows yyyyMMddHHmm format.

Imports the signed certificate returned by the certificate authority in response to a previously generated CSR.

| Field | Description | |-------|-------------| | Certificate file | Accepts .der, .cer, .pem, .crt formats. |

When a certificate is selected, the Actions menu on the right panel provides:

  • Export — downloads the certificate as a PEM-encoded .pem file. The filename is derived from the certificate name with spaces replaced by dashes.
  • Delete — removes the certificate from the keystore after confirmation. This action is not available for key chain certificates (certificates that include a private key chain).

| Action | Required Role | |--------|---------------| | View certificate list | Operator or above | | Import, export, delete, or generate CSR | Administrator or above |