Domain Certificates

A Domain-Validated certificate is an X.509 digital certificate used mostly for Transport Layer Security (TLS) to prove control over a DNS domain. In Axis, the domain certificate is used to validate a domain when an organization chooses to use its own domain as the external address of a web application.

The Axis Cloud Access supports the use of wildcard certificates when configuring web-based applications as well as multi-domain certificates.

📘

Note

Be sure that the domain wildcard contains all the application domains as determined by the certificate. For instance, a certificate for *.acme.com can match "a.acme.com", but not "a.b.acme.com," or “acme.com”

To create and upload domain certificates:

  1. Upload a domain certificate from the Certificate Management screen
  2. Upload a domain certificate from the Web Application Editing Screen
  3. Edit a domain certificate

Uploading a Domain Certificate from the Certificate Management Screen

To upload a Domain Certificate from the Certificate Management Screen:

  1. In the Management Console, go to Settings -> Certificates > New Certificate.
  2. Add a name for the certificate, and optionally add a description.
3544
  1. Click Upload Certificate and upload a PFX file.

  2. Click Next.

Uploading a Domain Certificate from the Web Application Editing Screen

To Upload a Domain Certificate from the Web Application Editing Screen

  1. In the Management Console go to Settings-> Applications-> New Application
  2. Select Self-hosted web application.
3528
  1. Under Remote Access, select Use a domain you own.
  2. Click the Certificate drop-down menu to select an existing certificate if relevant. Otherwise, click the plus sign next to Certificate. This opens a New Certificate screen.

Editing a Domain Certificate

To edit a domain certificate:

  1. In the Management Console, go to Settings Settings.png->Certificates Certificates.png.
  2. Select the certificate you wish to edit.

Domain and Expiration

The screen provides information regarding domain validity and expiry, related domains, and connected applications.

3538

📘

Note

The email addresses configured for alerts in the tenant will receive an alert 30 days, 7 days, and 1 day prior to any certificate expiration.

Replacing Certificating

Click Upload Certificate to upload a PFX file. The newly uploaded file replaces the existing file.

📘

Note

When replacing an existing domain, admins must upload a certificate that covers all of the existing certificate domains. The new certificate can add new domains to the existing ones.

Certificate File Metadata

The screen provides information about Issuing entities (issued by and issued to), a serial number, and a fingerprint.

3538

📘

To commit your changes, navigate to the top-right menu, click Apply Changes, then select Commit Changes.

Limitations

Uploading a new certificate:

There cannot be two certificates that share a domain. For instance, Certificate A contains the following domains: acme.com, *acme.com

A user then wants to create Certificate B and use the following domains: *acme.com, axis.apps.com.

The user cannot create Certificate B because it shares the domain *acme.com with Certificate A.

To solve the issue, we recommend changing the domain certificate in Certificate A to exclude the domain *acme.com or to upload one certificate to cover all the relevant domains.

Replacing an existing certificate

When replacing an existing domain, admins must upload a certificate that covers all of the existing certificate domains. The new certificate can add new domains to the existing ones.