Domain/SSL

11min

The Settings > Domain/SSL pane is used to configure the domain name, SSL, and Edge Remote endpoint in Litmus Edge Manager. This pane includes the following sections:
Domain
SSL settings
Edge Remote
SSL Certificate Workflow
You can choose between two methods for adding an SSL certificate to Litmus Edge or Litmus Edge Manager: 
Manual request process 
DigiCert IoT Trust Manager integration.
Method 1: Manual Request Process
﻿
Step 1: You will need to request an SSL certificate from your IT team. 
Step 2: Your IT team will make a request for the SSL certificate from a certificate authority (CA) (for example,Let's Encrypt, DigiCert). 
Step 3: The CA will return the following to your IT team. 
The root CA certificate file
Any required intermediate certificates
The SSL certificate file
Step 4: The IT team will send you the following. 
The root certificate file
Any required intermediate certificates
The SSL certificate file
The private key file
Step 5: You will apply the following in either Litmus Edge Manager (see SSL Settings section below) or Litmus Edge (see Add a Device Certificate﻿).   
The CA chain file (root CA file and all intermediate certificates)
The SSL certificate 
The private key file
Method 2: DigiCert IoT Trust Manager Integration
﻿
Step 1: Set up DigiCert IoT Trust Manager integration through the Litmus Edge Manager Admin Console.
Step 2: Access DigiCert IoT Trust Manager to retrieve the URL, Profile ID, and Passcode, then configure the CA for Litmus Edge Manager (LEM) and Litmus Edge (LE).
Step 3: DigiCert IoT Trust Manager Handles the Entire Certificate Management Process including:
Issuing the SSL certificate 
Managing the CA chain file 
Private key file
Step 4: Apply and issue certificates to your edge devices through Litmus Edge Manager.
Domain Settings
You can use the domain name to obtain access to Litmus Edge Manager without knowing the IP address. This helps when configuring settings:
Base domain name: The basic domain name is used by clients accessing the Litmus Edge Manager Admin Console, Litmus Edge Manager Application, and Keycloak application.
Before You Begin
Ensure a DNS server exists to handle requests by clients using the domain name.
Domain/SSL: Domain
﻿
Action
Details
[1] Edit Base Domain Name 
Changing the domain name can cause connection issues such as disconnecting all previously connected edge devices. It is recommended that you make DNS changes prior to configuring the rest of your settings. The domain name also causes an update to the certificates. It may be necessary to accept new certificates after reloading the current browser tab. See Browser Access Restrictions ﻿for more information. 
If the domain name is valid, a green check mark displays.
If the domain name is invalid, a red exclamation mark displays.
[2] Copy 
base domain name
[3] View Domain Log
Enabling auto-scroll is helpful when running an import process.
[4] Save base domain name
Save the base domain name
SSL Settings
There are three options when selecting an SSL setting:
Instance Default Certificate: Allows you to use the default self-signed SSL certificate that is automatically created during deployment when you first boot up for HTTPS, and MQTT SSL.
Let's Encrypt Webroot mode: The certificate is based on Let's Encrypt using their Webroot mode. You must enter the domain name for your web-server in the Domain section. An IP address cannot be used. This is used when the web-server is exposed to the Internet and should not be used for private networks.
DigiCert: The DigiCert option integrates with a unique passcode for each LEM instance, which should be securely stored and managed within the admin interface. This ensures a secure and reliable SSL certificate management process for your Litmus Edge Manager.
User Defined: The SSL encryption uses a self-signed certificate (.crt or .pem file) and a (.key or .pem file) that has been uploaded to Litmus Edge Manager. The same certificate must be uploaded to the connected edge device.
Domain/SSL: SSL settings
﻿
Action
Details
[5] Select SSL Setting
Select Instance Default Certificate to ensure that the SSL certificates that are used for the server and instances are valid and trusted by the server.
Select Let's Encrypt Webroot mode to secure publicly available content in a domain by encryption, and then click Save. It issues a certificate when ownership is proven. This selection requires that a domain name is set. This selection cannot be used with an IP address.
Select User Defined to use an SSL certificate and key file to secure content.  A .crt or .pem file and a .key or .pem file is required for this selection.
[6] (User-Defined Only) Upload SSL Certificate 
Upload ssl cert file
[7] (User-Defined Only) Key file 
Upload key file
[8] (User-Defined Only) Root CA Certificate
Upload a CA chain file. Creating a CA (Certificate Authority) chain file involves consolidating the necessary certificates to establish a trust hierarchy for secure communication. To do this, you'll typically need the intermediate certificates that link your SSL certificate to the root certificate, ensuring a complete chain of trust. Begin by gathering the required certificates, which often include intermediate certificates,  and the root certificate. Then, execute a command to combine all required certificates into a single file. See the example below. 
[9] View SSL Log
Enabling auto-scroll is helpful when running an import process.
[10] Save SSL Settings
Save ssl settings for future
Example: You have the following intermediate certificates: intermediate1.pem and intermediate2.pem. You create a CA chain file by combining the intermediate certificates with the root certificate (root.pem) with the following command: cat intermediate1.pem intermediate2.pem root.pem > ca-chain.pem. The CA chain file is named ca-chain.pem.
Edge Remote
The Edge Remote endpoint is the location of the Litmus Edge Manager remote service that forms a private secured connection between this Litmus Edge Manager instance and all of its associated Litmus Edge devices. This endpoint can be used for a DNS or an IP address. 
By default and in most circumstances, the Edge Remote endpoint will be identical to the Litmus Edge Manager instance's IP address/DNS. 
The only exception is when the Litmus Edge Manager is deployed on Google Kubernetes Engine. In this deployment situation, the IP address of the Litmus Edge Manager and the IP address of the LEM remote service will differ. The IP address of the Litmus Edge Manager remote service will be generated by Kubernetes and should be set as the Edge Remote endpoint accordingly. If a DNS is associated with the IP address received from Kubernetes, then the DNS should likewise also be set as the Edge Remote endpoint accordingly. Setting the DNS this way prevents the need to reactivate Litmus Edge devices when the Litmus Edge Manager IP address changes.
Refer to the following actions you can take on Litmus Edge Manager Admin Console's Domain/SSL pane.
Domain/SSL : Edge Remote
﻿
Action
Details
[11] Edit Edge Remote
Edit the edge remote option
[12] Copy 
Edge Remote endpoint
[13] Save Edge Remote endpoint
You can only save when the DNS/IP address is valid.
﻿

Action	Details
[1] Edit Base Domain Name	Changing the domain name can cause connection issues such as disconnecting all previously connected edge devices. It is recommended that you make DNS changes prior to configuring the rest of your settings. The domain name also causes an update to the certificates. It may be necessary to accept new certificates after reloading the current browser tab. See Browser Access Restrictions for more information. If the domain name is valid, a green check mark displays. If the domain name is invalid, a red exclamation mark displays.
[2] Copy	base domain name
[3] View Domain Log	Enabling auto-scroll is helpful when running an import process.
[4] Save base domain name	Save the base domain name

Action	Details
[5] Select SSL Setting	Select Instance Default Certificate to ensure that the SSL certificates that are used for the server and instances are valid and trusted by the server. Select Let's Encrypt Webroot mode to secure publicly available content in a domain by encryption, and then click Save. It issues a certificate when ownership is proven. This selection requires that a domain name is set. This selection cannot be used with an IP address. Select User Defined to use an SSL certificate and key file to secure content. A .crt or .pem file and a .key or .pem file is required for this selection.
[6] (User-Defined Only) Upload SSL Certificate	Upload ssl cert file
[7] (User-Defined Only) Key file	Upload key file
[8] (User-Defined Only) Root CA Certificate	Upload a CA chain file. Creating a CA (Certificate Authority) chain file involves consolidating the necessary certificates to establish a trust hierarchy for secure communication. To do this, you'll typically need the intermediate certificates that link your SSL certificate to the root certificate, ensuring a complete chain of trust. Begin by gathering the required certificates, which often include intermediate certificates, and the root certificate. Then, execute a command to combine all required certificates into a single file. See the example below.
[9] View SSL Log	Enabling auto-scroll is helpful when running an import process.
[10] Save SSL Settings	Save ssl settings for future

Action	Details
[11] Edit Edge Remote	Edit the edge remote option
[12] Copy	Edge Remote endpoint
[13] Save Edge Remote endpoint	You can only save when the DNS/IP address is valid.

Updated 06 Jan 2025

Admin Console Settings

Cloud