Certificates

the certificates section is used to store certificates locally in litmus edge self signed certificates when your instance of litmus edge boots up for the first time, a self signed certificate is automatically created because the certificate generated by litmus edge is self signed, web browsers detect that the certificate is not formally approved by a certificate authority that is why you will get browser warnings that the connection is not private/secure see browser access restrictions docid\ f 4fuf7kbozitsh lmxp4 for more information despite these warnings, all communication through litmus edge and litmus edge manager is done through https , which means it's encrypted end to end and the connection is always secure litmus edge gives you the option to upload certificates and copy device public keys as required by your organization device certificates a device certificate (or ssl certificate) is a digital certificate that provides proof of the device's identity (litmus edge instance) if required by your organization, you can replace the self signed certificate generated by litmus edge with your own device certificate when you upload a device certificate, the connection to the device is validated as a secure connection for details on uploading a device certificate, see add a device certificate in litmus edge docid\ tzo9sxuwkbgc6nlr9 f3p device certificate use cases you are not required to upload a device certificate for your instance of litmus edge, but your organization may decide to upload one for the following use cases your organization's it policies require proper signed certificates for your litmus edge instance your organization requires a domain name and any respective certificates to be attached to your litmus edge instance device certificate requirements the certificate you upload must be an nginx certificate when uploading a device certificate, you will need to provide the following parameters ssl certificate the public key certificate associated with the device certificate ca chain the certificate authority's chain of certificates that validates the device certificate's public and private keys when validating this parameter, make sure it includes all intermediate certificate authorities private rsa key the private key certificate associated with the device certificate reset device certificates you have the option of using the reset to self signed device certificate function for device certificates this replaces the existing certificate with the automatically generated self signed one and creates a new expiry date for the certificate before you reset the certificate, verify that any system communicating with litmus edge will not be negatively affected, as this invalidates all active ui sessions and the receiving of data from external sources custom ca certificates a ca certificate is a digital certificate issued by a certificate authority (ca) the ca certificate allows valid and secure connections between litmus edge and other systems learn more about certificate authorities from wikipedia to create a valid and secure connection between litmus edge and litmus edge manager, a custom ca certificate needs to be generated to complete this specific task, see activate an edge device docid\ odxkra2uhii7rg92cw2q for details to upload a custom ca certificate not related to validating communication between litmus edge and litmus edge manager, see add a custom ca certificate docid\ ontddyozqbazxdr1y6j 3 important when uploading a custom ca certificate, make sure the file is in crt format and that x509 encoding is used custom ca certificate use cases you can upload custom ca certificates for the following use cases enable a valid connection between litmus edge and litmus edge manger by providing the litmus edge manager url as the endpoint for this specific use case, see activate an edge device docid\ odxkra2uhii7rg92cw2q for details depending on the specific requirements of your organization, upload any required certificates provided by private cas if you are using integrations to connect to cloud services, some of these services may use custom certificate authorities that are not available from the trusted ca store in the litmus edge instance in this scenario, you would need to add these ca certificates to the list of trusted custom ca certificates if you have a private docker registry, the applications marketplace refuses to connect to the registry because it is unable to validate the certificate you would then need to manually update the custom ca certificates device public keys the device public key is the litmus edge system's identity/device footprint it is not related to certificates if your organization requires public keys to be accepted, you can copy it from the device public key section identity certificates identity certificates are required when a connection between a device (litmus edge instance) and another service needs to be authenticated for example, when a connection is set up between litmus edge and litmus edge manager, an identity certificate is created that can be viewed in litmus edge litmus edge can have multiple identity certificates signed by different authorities when you create a connection between litmus edge and litmus edge manager, an identity certificate is automatically created that can't be deleted from litmus edge certificate signing requests a certificate signing request (csr) is used to apply for an ssl/tls certificate the csr contains information that the certificate authority will use to create the certificate, such as common name, organization, and country it also contains the public key that will be included in your certificate and is signed with the corresponding private key you can copy/download the certificate signing request in litmus edge and send it to a certificate authority for authorization the certificate authority can then send back a signed identity certificate you can then install this identity certificate in litmus edge see install an identity certificate docid\ yf8 9i5cmunknk mvey4y and manage certificate signing requests docid\ p8x986xuqkwputshgqp7y for more details access system certificates ui to access the certificates page log in to litmus edge navigate to system > network > certificates the certificates canvas appears refer to the following actions you can take on the litmus edge user ui's certificates pane true 0 false 366true unhandled content type true unhandled content type false unhandled content type true unhandled content type false unhandled content type true unhandled content type false unhandled content type true unhandled content type false unhandled content type true unhandled content type false unhandled content type true unhandled content type false unhandled content type true unhandled content type false unhandled content type true unhandled content type false unhandled content type next steps add a device certificate in litmus edge docid\ tzo9sxuwkbgc6nlr9 f3p add a custom ca certificate docid\ ontddyozqbazxdr1y6j 3 manage custom ca certificates docid\ cszptbtfwbm47jcqtgye9 install an identity certificate docid\ yf8 9i5cmunknk mvey4y manage certificate signing requests docid\ p8x986xuqkwputshgqp7y