TLS Certs
Note: Certificates must be valid for more than 60 days, at least. Open 'Status' > 'Client TLS Certificates' to check the validity of loaded certificates.
If a certificate contains an IP address prefaced by http or https, then do NOT list that IP address in the 'Cluster Ingress Hostname' field on the 'Server' screen.
Enable TLS:If enabled, the following fields appear:
Site Certificate Private KeyEnter the private (host) key. X.509 certificate in PEM format.
Site Certificate ChainEnter the public key. X.509 certificate in PEM format. The certificate chain is as follows: server certificate > intermediate certificate(s) (if any) > certificate authority (CA). When using the 'File upload' option, the certificate chain must be uploaded as a single file.
Note: After entering both the private and public keys, an Adding FQDN: [XXX] notification displays. Open the Notifications screen and review the Adding FQDN line of that notification to verify the domain is correct.
The ICE Desktop web client (enabled on the 'Server' screen) requires certificates be entered here, otherwise, navigating to the web client address results in the following notification: 'Instant Connect is not available in this browser context. Contact your system administrator for more information.
Specify LDAP Server Certificate If enabled, the following field appears:
LDAP Certificate Enter the LDAP server's identity certificate in PEM format.
ApplyApplies your changes.
Important: After applying, open the Status dropdown and wait for Node Status to turn become green before proceeding to the next screen.
For air gap: Also wait for Air-gapped Extraction Status to turn green before proceeding to the next screen.
Note: If you advance to the next screen before Node Status turns green, an error message may display. If this occurs, wait for Node Status to turn green, and the error will resolve itself.