Manage SSL client certificates

SSL client certificates are available for liveness tests that use the secure protocols. You can upload SSL client certificates in these ways.

  • Default SSL client certificate. This is a domain-wide certificate for use by any liveness test with a secure protocol that does not have a certificate specified for an individual liveness test. In this case, the Manage Default SSL Client Certificate button appears on the domain's Settings page only when that page is in Edit scope.

  • SSL client certificate. This certificate is uploaded for a specific liveness test and overrides the domain-wide default SSL client certificate. In this case, the Manage Default SSL Client Certificate button appears on the Liveness Tests form in Add and Edit scope. You must use one of the secure transport protocols: HTTPS, POPS, SMTPS, or TCPS.

Upload default SSL certificate

You can set a domain-wide default SSL client certificate for a domain by uploading an SSL certificate to the domain. Any liveness test that uses a secure protocol uses the default certificate, unless that liveness test specifies its own certificate.

Make sure that you select RSA as the SSL key type when you create a PEM-formatted default SSL certificate that you want to upload to a GTM domain. If you select an SSL key type other than RSA, for example EC private key, you receive this error:

certificate is not valid PEM format

📘

The domain must have Edit scope access to perform this procedure.

You upload the default SSL certificate in an existing domain. The Add New Domain page does not provide a default certificate.

  1. On the Traffic Management Domains page, select the domain that you want to revise. The Edit Domain Settings page appears.

  2. Click the Settings tab to show the domain's settings. Notice the Default SSL Certificate text and Manage Default SSL Client Certificate button at the bottom of the page.

  3. Click Manage Default SSL Client Certificate. A new window opens displaying information to manage the certificate upload. If the domain does not have a default certificate set, then the Certificate Status indicates that the "SSL Client Certificate is not currently set."

  4. To upload a PEM-formatted certificate file, click Choose File.

    • If Subject and Expires fields appear under the Certificate Status heading, then the upload is successful.

    • If the certificate has not expired, a Clear button appears under the status and the Save button is enabled.

    • If the certificate has expired, a message appears indicating that status.

📘

Expired certificates are not allowed.

  5. Take one of these actions.

    • To remove the SSL certificate, click Clear.

    • To return to the Settings tab, click Cancel.

    • If the certificate information is correct, click Save.

      Clicking the Save button displays a green banner with the text "The action has been completed." at the top of the page. You also see green text that reads "Default SSL Certificate has been modified" next to the Manage Default SSL Client Certificate button.

  6. Click Add to Change List and then click Review Change List.

  7. Review the Change List Dialog changes, validate them, add a required comment, and click Activate Domain to save them.

    See Review Change List Detail.

Upload SSL certificate for liveness test

You can upload an SSL certificate for a specific liveness test that uses the secure protocols. This certificate overrides the domain-wide default SSL client certificate if your domain has one.

Make sure that you select RSA as the SSL key type when you create a PEM-formatted SSL certificate that you want to upload to a GTM domain. If you select an SSL key type other than RSA, for example EC private key, you receive this error:

certificate is not valid PEM format

The domain must have Add and Edit scope access to perform this procedure.

Use this procedure to upload an SSL certificate for a specific liveness test that uses the secure protocols (HTTPS, POPS, SMTPS, and TCPS).

📘

HTTPS protocol

If you choose the HTTPS protocol, you have the option to select Certificate Verification and to upload an SSL Client Certificate. These actions are independent of each other. The Certificate Verification checkbox applies to the server's certificate; the Manage SSL Client Certificate button applies to the client certificate.

  1. On the Traffic Management Domains page, select the domain that you want to revise. The Edit Domain Settings page appears.

  2. Click the Properties tab and select a property from the property list. The property review page appears with the liveness test form.

  3. On the review page's liveness tests form, do one of the following.

    • If you do not have a liveness test with a secure protocol, click Add New Liveness Test to create a liveness test with a secure protocol using the steps in Add liveness test to existing domain, and continue to Step 4.

    • If you have an existing liveness test with a secure protocol, select a liveness test name and continue to Step 4.

  4. Click Manage SSL Client Certificate. A new window opens displaying information to manage the certificate upload.

  5. To upload a PEM-formatted certificate file, click Choose File. If a Subject and Expires field appears under the Certificate Status heading, then the upload is successful.

    • If the certificate has not expired, a Clear button appears under the status and the Save button is enabled.

    • If the certificate has expired, a message appears indicating that status. Expired certificates are not allowed.

  6. Take one of these actions.

    • If you want to remove the SSL certificate, click Clear.

    • To return to the Settings tab, click Cancel.

    • If the certificate information is correct, click Save. Clicking the Save button displays a green banner with the text "The action has been completed." at the top of the page. You also see green text that reads "SSL Certificate has been modified" next to the Manage SSL Client Certificate button.

  7. Click Save Liveness Test to save the changes.

  8. Click Add to Change List.

    The Properties tab appears. A pencil icon next to a property indicates that the liveness test has been modified. A green check mark indicates that the test is a new one.

  9. Click Review Change List.

  10. Review the Change List Dialog changes, validate them, add a required comment, and click Activate Domain to save the changes.

    See Review Change List Detail.
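
The requirements that both upload procedures state (PEM format, RSA key type, not expired) can be checked locally before you click Choose File. The script below is an added example, not part of the GTM documentation; it assumes the openssl command-line tool is installed, and the function names, exit codes, and sample subject name are illustrative.

```shell
# Pre-upload check for a PEM client certificate (added example, not GTM code).
# Requires the openssl CLI. Exit codes are this script's own convention:
#   0 ok, 1 not a parsable PEM certificate, 2 key is not RSA, 3 expired/expiring.

# Usage: check_client_cert FILE [MIN_SECONDS_LEFT]
check_client_cert() {
  local pem="$1" min_left="${2:-0}" alg
  # 1. The file must contain a PEM-encoded X.509 certificate.
  if ! openssl x509 -in "$pem" -noout 2>/dev/null; then
    echo "FAIL: no parsable PEM certificate in $pem"; return 1
  fi
  # 2. The key type must be RSA (an EC key is rejected on upload).
  alg=$(openssl x509 -in "$pem" -noout -text |
        awk -F': ' '/Public Key Algorithm/ {sub(/ +$/, "", $2); print $2; exit}')
  if [ "$alg" != "rsaEncryption" ]; then
    echo "FAIL: key type is ${alg:-unknown}, expected rsaEncryption"; return 2
  fi
  # 3. Expired certificates are not allowed; optionally require a safety margin.
  if ! openssl x509 -in "$pem" -noout -checkend "$min_left" >/dev/null; then
    echo "FAIL: certificate expired or expires within ${min_left}s"; return 3
  fi
  # Show the same fields the upload dialog reports (Subject, Expires).
  openssl x509 -in "$pem" -noout -subject -enddate
}

# Constructed sample input: a throwaway self-signed certificate valid for 1 day.
# Usage: make_sample_pem rsa|ec OUTFILE
make_sample_pem() {
  local kind="$1" out="$2" key
  key=$(mktemp)
  if [ "$kind" = rsa ]; then
    openssl genrsa -out "$key" 2048 2>/dev/null
  else
    openssl ecparam -name prime256v1 -genkey -noout -out "$key"
  fi
  openssl req -x509 -new -key "$key" -subj "/CN=liveness-client.example" \
    -days 1 -out "$out" 2>/dev/null
  rm -f "$key"
}

# When run with a file argument, check that file.
if [ -n "${1:-}" ]; then check_client_cert "$@"; fi
```

Passing a second argument such as 2592000 (30 days, in seconds) flags certificates that are still valid but due to expire soon.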