Configure CA-based certificates
The certificates installed by default in the Guardian and the Remote Collector are self-signed, but, if necessary, it is also possible to use certificates signed with a certificate authority (CA).
Normally a certificate chain that has a Root CA and several Intermediate CAs are used to sign a leaf certificate. If you want to follow this approach, then do this procedure, which you have to do for both the Guardian and the Remote Collector sensors.
-
Put a leaf certificate/key pairs under
/data/ssl/https_nozomi.crt and
/data/ssl/https_nozomi.key
The certificate installs in the sensor.
-
Put the certificate chain under
/data/ssl/trusted_nozomi.crt
The certificate chain installs in the sensor. Any certificate signed with the chain is now accepted as valid.