Home
CMC
Learn how CMC provides centralized visibility and monitoring of Nozomi Networks sensors.
Installation Guide
Information and resources on how to install the Central Management Console (CMC), and the different options and settings available.
Additional settings
Install a CA certificate
If an issuing certificate authority (CA) for the hypertext transfer protocol secure (HTTPS) certificate is not immediately trusted, you will need to install a certificate authority (CA) certificate to the Nozomi Networks Operating System (N2OS) sensor.

CMC
Learn how CMC provides centralized visibility and monitoring of Nozomi Networks sensors.
- Introduction
  An overview of the Central Management Console (CMC).
- Installation Guide
  Information and resources on how to install the Central Management Console (CMC), and the different options and settings available.
  - Introduction
  - Physical installation
  - Virtual installation
  - Basic configuration
  - Additional settings
    - Network requirements
    - Install an SSL certificate
      You need to install a secure sockets layer (SSL) certificate to securely encrypt traffic between client computers and the Nozomi Networks Operating System (N2OS) sensor over hypertext transfer protocol secure (HTTPS).
    - Install a CA certificate
      If an issuing certificate authority (CA) for the hypertext transfer protocol secure (HTTPS) certificate is not immediately trusted, you will need to install a certificate authority (CA) certificate to the Nozomi Networks Operating System (N2OS) sensor.
    - Enable SNMP
      To monitor the health of the Nozomi Networks Operating System (N2OS) sensor, you need to enable the simple network management protocol (SNMP) daemon.
    - Configure an internal firewall
      Do this procedure to configure the internal firewall to restrict access to components such as: the management interface, the secure shell (SSH) terminal, the simple network management protocol (SNMP) service, and internet control message protocol (ICMP) of the full stack edition.
    - Disable internal packet-rate protection of the management interface
      If necessary, do this procedure to disable internal packet-rate protection in the management interface.
    - Configure IPv6
      You can configure IPv6 to access physical and virtual sensors. This is not possible for container installations.
    - Enable 802.1x on the management interface
      This topic describes how to enable 802.1x support for the management interface. Configuration of the RADIUS server and the creation of possible certificates are not discussed
    - USB port disablement
      The Nozomi Networks Operating System (N2OS) does not support universal service bus (USB) ports.
    - Turbo capture mode enablement
      A description of how to configure the turbo capture mode, in order to handle higher traffic loads.
  - Compatibility Reference
  - Federal Information Processing Standards
- Administrator Guide
  Information and resources about the Administration section of the Central Management Console (CMC), and the tasks that you can do in this part of the software.
- User Guide
  Information and resources about the main features of the Central Management Console (CMC), and the tasks that you can do from the user interface (UI).
- Maintenance Guide
  Information about the maintenance tasks of Central Management Console (CMC), to help you administer and maintain the solution in a production environment.
- Print format documentation
  A list of all the print-format documentation that is available for the Central Management Console (CMC).

Install a CA certificate

If an issuing certificate authority (CA) for the hypertext transfer protocol secure (HTTPS) certificate is not immediately trusted, you will need to install a certificate authority (CA) certificate to the Nozomi Networks Operating System (N2OS) sensor.

Before you begin

Make sure that:

Your intermediate certificate authority (CA) and Root CA certificates are combined
The certificate must be in privacy-enhanced mail (PEM) format

Note:

These formats are not supported:

Distinguished Encoding Rules (DER)
PKCS#12

Procedure

Upload the CA certificate to the sensor.
1. Change the name of the CA certificate to cert.crt
2. Open a terminal.
3. To upload, enter this command:
```
scp cert.crt admin@<sensor_ip>:/data/tmp
```
Log into the console, either directly or through secure shell (SSH).
To go to privileged mode, enter this command:
```
enable-me
```
You can now perform system changes.
Change directory into the /data/tmp folder.
To add the CA certificate to the trust store, enter this command:
```
n2os-addcacert cert.crt
```

Results

The sensor now trusts the imported CA certificate. You can now use it to secure hypertext transfer protocol secure (HTTPS) communication to the sensor.