Manage Security Certificates

By default, Solstice Pods are configured with a self-signed certificate from Mersive. However, for enterprises where this is insufficient, Solstice provides enterprise certificate management tools that give Solstice admins a centralized place for managing certificates in the Solstice Dashboard (Security tab > Certificate Tools). These tools allow Solstice admins to manage client-server communication certificates and 802.1x certificates within Solstice. With the certificate tools, you can do the following:

Generate a certificate signing request (CSR). This option generates a secret key that stays on the Pod as well as a .csr file that can be signed by your certificate authority. After signing, the certificate can be uploaded to the Pod.
Example workflow
Generate a certificate signing request to create and add a unique 802.1x User Certificates to the Pod for 802.1x authenticated networks.
Example workflow
Upload both a signed certificate and private key to the Pod.
Example workflow

Limitations

Be aware of the following limitations to the Certificate Tools:

If you are using Install certificate and private key, password-protected PEM files and private keys are not supported.

Pod Certificate Support

Here are the certificate formats supported by Solstice:

	Pod-server	802.1x EAP-TLS for Ethernet and Wireless
Install certificate	PEM PFX	PEM (is converted to PFX) PFX
Install certificate and private key	PEM (password-less PK) PFX

Pod-server

802.1x EAP-TLS for Ethernet and Wireless

Install certificate

PEM (is converted to PFX)
PFX

Install certificate

and private key

PEM (password-less PK)
PFX

How To

To generate the certificate signing request, Solstice needs to obtain information about your enterprise, which includes information like domain components, organization, organizational unit, and common name. Solstice obtains this information by importing an OpenSSL configuration file. If you do not have a configuration file, or if you are unsure of the format required for this file, you can refer to OpenSSL documentation. An example file is also provided on the Certificate Signing Request pop-up.

After clicking OpenSSL config example View, you can examine the contents of the OpenSSL configuration file. You can also copy and paste its contents to a text editor where you can modify the entries and save it to your local file system.

In the Dashboard, select a Pod from the list of Your Solstice Instances.
Go to the Security tab > Certificate Tools section.
Click Generate Certificate Signing Request, then click Open.
From the Certificate Signing Request pop-up, click the type of certificate you want to request. This can be a certificate for the Pod or an 802.1x certificate for Ethernet or Wi-Fi.
Click Browse.
Navigate to the location of the OpenSSL configuration file that you created on your file system. Click on the file, then click Open.
From the Certificate Signing Request pop-up, click Create. A private key is created on the Pod.
Note
For security reasons, the private key remains on the Pod and cannot be exported.
Navigate to the location on your file system where you want to save the .csr file, then click Save.

After the .csr file is saved to your file system, deliver the .csr file to your certificate authority so it can sign the request. The signed request should come back to you as a PEM certificate.

After you have a signed certificate from your certificate authority that corresponds to the private key on the Solstice Pod, you can upload it.

In the Dashboard, select the Pod from the list of Your Solstice Instances
Go to the Security tab > Certificate Tools section.
Click Install Certificate, then click Open.
To upload a certificate to the Solstice Pod, ensure that Pod server is selected.
If you want to begin configuration for 802.1x network device authentication, select either the 802.1x Ethernet option or the 802.1x Wifi option.
From the Install Certificate pop-up, click Certificate Browse.
On your file system, navigate to the location of the signed certificate. Click the certificate, then click Open
If you are uploading a PFX certificate, enter the password in the PKCS #12 Password field.
Click Import.
From the Import Success pop-up, click OK.

The Solstice Pod now uses the certificate you uploaded to validate connection requests. To view the certificate on the Pod, see View Certificate Details below.

Note

If you imported 802.1x certificates, go to the Network tab for additional configuration steps.

If you have both a signed certificate and its private key, you can upload both files to configure encryption for Client/Server communications on the Solstice Pod.

Note

If both your signed certificate and private key are contained in a PFX certificate, use the Install Certificate procedure to upload the PFX file to the Pod.

This import option is not available for 802.1x certificates.

In the Dashboard, select the Pod from the list of Your Solstice Instances
Go to the Security tab > Certificate Tools section.
Click Install Certificate and private key, then click Open.
From the Install Certificate and Private Key pop-up, click Certificate Browse.
On your file system, navigate to the location of the signed certificate. Click the certificate, then click Open
From the Install Certificate and Private Key pop-up, click Private Key Browse.
On your file system, navigate to the location of the private key that corresponds to your certificate. Click the private key file, then click Open.
Click Import.
On the Import Success pop-up, click OK.

The Solstice Pod now uses the certificate and private key you uploaded to validate connection requests. To view the certificate on the Pod, see the View Certificate Details steps below.

Load a self-signed CA certificate bundle onto one or more Pods to be used for HTTPS communications and to validate the Pod’s access to external data connections such as digital signage feeds, RSS feeds, and Solstice Cloud. This is especially important for networks that use a MITM proxy that intercepts HTTPS requests. The bundle is used in addition to the Pod’s built-in CA certificates, which are suitable for most internet access.

Note

Only a PEM certificate with a .crt file extension is supported.

In Solstice Dashboard, select the Pods to be configured from the list of Your Solstice Instances.
Go to the Security tab > Encryption section.
Select the Use Custom CA Certificate Bundle for External Communications checkbox.
Click Browse.
In the file explorer that opens, browse and select the CA certificate bundle, then click Open.
Click Apply.

Next Topic

System Settings

In this section:

Manage Security Certificates

Limitations

Pod Certificate Support

How To

Next Topic

Search results