Domain Certificates
A Domain-Validated certificate is an X.509 digital certificate used mostly for Transport Layer Security (TLS) to prove control over a DNS domain. In Axis, the domain certificate is used to validate a domain when an organization chooses to use its own domain as the external address of a web application.
The Axis Cloud Access supports the use of wildcard certificates when configuring web-based applications as well as multi-domain certificates.
Note
Be sure that the domain wildcard contains all the application domains as determined by the certificate. For instance, a certificate for *.acme.com can match "a.acme.com", but not "a.b.acme.com," or “acme.com”
To create and upload domain certificates:
- Upload a domain certificate from the Certificate Management screen
- Upload a domain certificate from the Web Application Editing Screen
- Edit a domain certificate
Uploading a Domain Certificate from the Certificate Management Screen
To upload a Domain Certificate from the Certificate Management Screen:
- In the Management Console, go to Settings -> Certificates > New Certificate.
- Add a name for the certificate, and optionally add a description.
-
Click Upload Certificate and upload a PFX file.
-
Click Next.
Uploading a Domain Certificate from the Web Application Editing Screen
To Upload a Domain Certificate from the Web Application Editing Screen
- In the Management Console go to Settings-> Applications-> New Application
- Select Self-hosted web application.
- Under Remote Access, select Use a domain you own.
- Click the Certificate drop-down menu to select an existing certificate if relevant. Otherwise, click the plus sign next to Certificate. This opens a New Certificate screen.
Editing a Domain Certificate
To edit a domain certificate:
- In the Management Console, go to Settings Settings.png->Certificates Certificates.png.
- Select the certificate you wish to edit.
Domain and Expiration
The screen provides information regarding domain validity and expiry, related domains, and connected applications.
Note
The email addresses configured for alerts in the tenant will receive an alert 30 days, 7 days, and 1 day prior to any certificate expiration.
Replacing Certificating
Click Upload Certificate to upload a PFX file. The newly uploaded file replaces the existing file.
Note
When replacing an existing domain, admins must upload a certificate that covers all of the existing certificate domains. The new certificate can add new domains to the existing ones.
Certificate File Metadata
The screen provides information about Issuing entities (issued by and issued to), a serial number, and a fingerprint.
To commit your changes, navigate to the top-right menu, click Apply Changes, then select Commit Changes.
Limitations
Uploading a new certificate:
There cannot be two certificates that share a domain. For instance, Certificate A contains the following domains: acme.com, *acme.com
A user then wants to create Certificate B and use the following domains: *acme.com, axis.apps.com.
The user cannot create Certificate B because it shares the domain *acme.com with Certificate A.
To solve the issue, we recommend changing the domain certificate in Certificate A to exclude the domain *acme.com or to upload one certificate to cover all the relevant domains.
Replacing an existing certificate
When replacing an existing domain, admins must upload a certificate that covers all of the existing certificate domains. The new certificate can add new domains to the existing ones.
Updated almost 3 years ago