Personal dashboard: TLS

Note

In the default configuration, this section of the personal dashboard is available only to users in the Administrative and Technical groups. Editing the settings is available only to users in the Technical group.

If a resource has a certificate to which the current user does not have access, then the whole TLS section for the resources becomes available to this user in read only mode.

The TLS section is available for each domain or service. Here you can see and change settings on how TLS certificates are used for the domain or service.

Here you can see installed certificates, view certificate details, and install and uninstall certificates.

Note that in this dashboard section, you can only install certificates you've previously added to the system; you can't add new certificates here. For the difference between installing and adding a certificate and how to add a certificate, see Certificate storage.

View installed certificates

To view a list of certificates configured for a domain or service:

  1. Select the domain under Domains or service under Services.

  2. Select TLS.

Certificates installed for the selected domain or service will be displayed as a table with the following columns:

  • ID — Unique numeric identifier of the certificate in the Qrator Labs system. ID can be repeated in several rows of the table, if the same certificate is installed for different domain names.
  • Hostname — The host (domain name) this certificate should be used for. Can be a specific host name or a Default Host string.
  • Subject — Hosts for which the certificate is valid, as well as a link to view certificate details.
  • Not valid after — Shows the end of certificate validity period. If the validity period has already expired, this field is highlighted.

The Hostname and Subject columns have filter fields in the top row. When you enter the required values there, you can filter the certificates displayed in the table.

View certificate details

To view certificate details:

  1. Go to certificate list for the domain or service.

  2. Find the row with the required certificate and click the View more link in it.

The appearing dialogue will contain the following fields:

  • ID — the unique numerical identifier for the certificate in the Certificate storage.
  • Type — the origin of the certificate: Upload or Let's Encrypt.
  • Subject — the domain name(s) the certificate is valid for.
  • Not valid before, Not valid after — the start and the end date of the certificate validity period.

The certificate may contain one or several chains. If there is more than one chain, you can switch between the chains using radio buttons with the corresponding encryption algorithm names on them. For each chain the following data is displayed::

  • Private key encryption — the cryptographic algorithm used for the private key.
  • Private key size — the private key size in bytes.
  • SHA-256 Fingerprint, SHA-1 Fingerprint — the public key fingerprints.
  • Certificate chain — the whole chain in PEM format. You can copy the full text with the button.
  • Private key — the private key in PEM format. You can copy the full text with the button. This field is not displayed if the private key is hidden.

Install certificate for domain or service

  1. Make sure that the certificate you want to install is in the Certificate storage. If there is no such certificate, release or upload it.

  2. Navigate to certificate list for the domain or service.

  3. Click Install certificate.

  4. In the dialog box that appears, find the certificate you want to install.

    You can use the button to reveal a more detailed description of a particular certificate. The description includes fields similar to those in the brief information dialog box in the Certificate storage.

    On the row corresponding to the certificate, click Install.

  5. Specify which domain names the certificate should be used for.

    • If the certificate should be used for one or several known domain names, list them in the text area. Add a comma, a whitespace or use a new line after adding each domain name.

    • If you want to add the certificate before specifying any domain name, or add a domain name which doesn't have any other certificates installed for it, enable Use as default for any hostnames option.

    Press Install.

    Warning

    If a domain or a service has at least one certificate installed for any specific hostname it should also have a certificate for a default hostname installed.

    The changes you made in the configuration will be displayed in the table, but will not be saved automatically.

  6. To save your changes, click Save in the notification at the bottom of the screen.

Uninstall certificate for domain or service

To uninstall a previously installed certificate:

  1. Navigate to certificate list for the domain or service.

  2. Find the certificate you want to uninstall and in the corresponding row in the table, click .

    The changes you made in the configuration will be displayed in the table, but will not be saved automatically.

  3. To save your changes, click Save in the notification at the bottom of the screen.

The certificate will no longer be used when servicing this domain or service, but will remain available in the Certificate storage. To remove a certificate from the system completely, use the following instructions: Personal dashboard: Certificate Storage.

expand_less