How do new SSL Certification Bundles work in Smarts Network Configuration Manager (Smarts NCM) 9.1?
How are new SSL Certification Bundles deployed in Smarts NCM 9.1?
For SSL Certification Bundles, Smarts NCM 9.1 needs to generate a new Certificate Authority (CA) certificate and private key upon each installation, which is then used to sign the generated host web server certificate. To support Device Servers, both Application Servers (AS) and Device Servers (DS) need to share a common CA certificate and key. In earlier (pre-9.1) Smarts NCM versions, this CA certificate was hard coded.
The process for deploying SSL Certification Bundles in Smarts NCM 9.1 is as follows:
- A new certificate is generated upon every fresh installation on the Application Server and stored in a pkcs#12 (password protected file).
- This pkcs#12 file needs to be copied to each of the device servers at install time.
- The DS installer will prompt for the file and password during installation.
- The DS will open the pkcs#12 file and use the shared CA certificate/key pair to sign the host web certificate.
- After this AS/DS communication will work as normal.