skip to main content
Admin Guide > APPENDICES > Appendix J: ICE Security > ICE Private Certificate Stores > Deploying TLS Certs
Deploying TLS Certs
TLS certificates are used to secure the connection between ICE components and the ICE Server. In the ICE OS Configuration Wizard, the settings are located in the TLS Certs page, accessible by clicking the TLS Certs tab (as shown below).
A screenshot of a computer AI-generated content may be incorrect.
Use the instructions in this section to deploy certificates for Telephony, Georedundancy, and Vector.
Note: Certificates must be valid for more than 60 days, at least. Open Status > Client TLS Certificates to check the validity of loaded certificates.
If a certificate contains an IP address prefaced by http or https, then do NOT list that IP address in the Cluster Ingress Hostname field on the Server screen.
The following list defines the settings of the TLS Certs page and their operation.
*Enable TLS:
If enabled, the following fields appear:
*Site Certificate Private Key
Enter the private (host) key. X.509 certificate in PEM format.
*Site Certificate Chain
Enter the public key. X.509 certificate in PEM format. The certificate chain is as follows: server certificate > intermediate certificate(s) (if any) > certificate authority (CA). When using the 'File upload' option, the certificate chain must be uploaded as a single file.
Note: After entering both the private and public keys, an Adding FQDN: [XXX] notification displays. Open the Notifications screen and review the Adding FQDN line of that notification to verify the domain is correct.
A screen shot of a computer Description automatically generated
The ICE Desktop web client (enabled on the 'Server' screen) requires certificates be entered here, otherwise, navigating to the web client address results in the following notification: 'Instant Connect is not available in this browser context. Contact your system administrator for more information.
*Specify LDAP Server Certificate
If enabled, the following field appears:
*LDAP Certificate
Enter the LDAP server's identity certificate in PEM format.
*Apply
Applies your changes.
Important: After applying, open the Status dropdown and wait for Node Status to turn become green before proceeding to the next screen.
For air gap: Also wait for Air-gapped Extraction Status to turn green before proceeding to the next screen.
Note: If you advance to the next screen before Node Status turns green, an error message may display. If this occurs, wait for Node Status to turn green, and the error will resolve itself.