Certero Provisioning Services – SSL Certificates
Document version control table
Attribute | Setting |
Document title | Certero Provisioning Services – SSL Certificates |
Document subject | Configuration of SSL Certificates on Certero Provisioning Services |
Document version | V1a |
Document category | How to |
Document published date | 15/01/2025 |
Technical level | 400 |
Hosting type | On premise only |
Product name | Choose an item. |
Product version | Version 8 |
Module | Other |
Connector | Choose an item. |
Introduction
Once Certero Provisioning Services is installed and running, a valid SSL certificate is needed for the Certero Provisioning Services application.
The security between all infrastructure components must be implemented in a manner that conforms to the IT security policies and methodologies of your organisation and must form part of your overall design considerations.
The Certificates area within Certero Provisioning Services allows you to manage the SSL certificates installed on the server. SSL certificates are required for any tenants that are provisioned using a HTTPS binding. Certificates can be purchased from a recognised online provider or can be issued from your own Certificate Authority.
Self-signed certificates, domain certificates and certificates provided by a root authority such as Verisign are all supported by Certero.
Instructions
The Certero Provisioning Services website is configured during the setup routine with a single HTTPS binding. A self-signed SSL certificate is installed for first use; however, we strongly recommend that it is replaced with a signed certificate that matches the fully qualified domain name (FQDN) of the server.
Configurations that work with a DMZ are supported, including the ability to define the communications port that will be used between the internet-facing Certero Endpoint Server in the DMZ and the internal Certero Application Server; this can be any HTTP or HTTPS port.
Single certificate per tenant - Before you provision a tenant instance, you should decide upon the hostname (fully qualified domain name - FQDN) by which it will be known. If you intend to host the instance over HTTPS, you will need to obtain a signed certificate with its subject set to the FQDN of the tenant and import it into the Certero tenant.
NOTE: Certero Provisioning Services must be running on Windows 2012 R2 or above in order to use multiple SSL certificates.
Wildcard certificate:
The easiest way to provision multiple tenant instances over HTTPS is to choose a sub-domain and use a wildcard SSL certificate. In addition, by creating a wildcard CNAME record in DNS, all traffic for a subdomain can be routed to the Certero Provisioning Services server. Rules on Certero Provisioning Services will then route traffic to the corresponding tenant.
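A wildcard certificate stands for exactly one DNS label, so tenant hostnames need to sit directly under the chosen sub-domain. The Python below is an added example, not Certero code: it checks a list of planned tenant FQDNs against a certificate's DNS names. The example.test hostnames and the certificate dictionary (shaped like the output of Python's ssl.SSLSocket.getpeercert()) are constructed for illustration.

```python
# Added example (not Certero code): which planned tenant FQDNs does a
# certificate cover? All hostnames and the certificate below are constructed.

def _labels(name):
    # DNS names compare case-insensitively; ignore a trailing root dot.
    return name.rstrip(".").lower().split(".")

def name_matches(cert_name, fqdn):
    """True if a certificate DNS name (exact or wildcard) covers fqdn."""
    p, h = _labels(cert_name), _labels(fqdn)
    # A wildcard stands for exactly one label, so label counts must be equal.
    if len(p) != len(h) or "" in h:
        return False
    if p[0] == "*":
        return p[1:] == h[1:]
    return p == h

def cert_dns_names(cert):
    """DNS names from a dict shaped like ssl.SSLSocket.getpeercert() output."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    # No DNS subjectAltName entry: fall back to the subject commonName.
    return [v for rdn in cert.get("subject", ()) for k, v in rdn
            if k == "commonName"]

def coverage(cert, tenant_fqdns):
    """Map each planned FQDN to the certificate name covering it, or None."""
    names = cert_dns_names(cert)
    return {t: next((n for n in names if name_matches(n, t)), None)
            for t in tenant_fqdns}

# Constructed sample: a wildcard for the tenant sub-domain plus the server name.
SAMPLE_CERT = {
    "subject": ((("commonName", "*.tenants.example.test"),),),
    "subjectAltName": (("DNS", "*.tenants.example.test"),
                       ("DNS", "cps.example.test")),
}
PLANNED = [
    "acme.tenants.example.test",     # one label under the sub-domain
    "ACME2.Tenants.Example.Test",    # case differences do not matter
    "tenants.example.test",          # the bare sub-domain itself
    "eu.acme.tenants.example.test",  # two labels under the sub-domain
    "cps.example.test",              # exact match on the second name
]

if __name__ == "__main__":
    for fqdn, name in coverage(SAMPLE_CERT, PLANNED).items():
        print(f"{fqdn:32} {'covered by ' + name if name else 'NOT covered'}")
```

Hostnames reported as not covered need either a different naming scheme or their own certificate before the tenant is provisioned over HTTPS.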