Certificates Overview

The certificates tab is divided into three sections:

  • Let's Encrypt Cert Wizard
  • Upload Certificate File
  • Server Management Certificate

These sections help you manage certificates in Heimdall.

Let's Encrypt Cert Wizard

The Let's Encrypt Cert Wizard section provides a simple way to generate a Let's Encrypt certificate request and then obtain the final certificate from it.

Prerequisites

In the Let's Encrypt Cert Wizard section of the certificates tab, three fields must be set to create a Let's Encrypt certificate order:

  • Challenge type (DNS is the default)
  • Certificate alias
  • Domain

Challenge

Challenges are used to prove ownership of a domain. Two challenge types are available, DNS and HTTP:

  • DNS: You prove to the CA that you control the DNS records of the domain to be authorized by creating a TXT record with signed content.
  • HTTP: You prove to the CA that you control the website content of the domain to be authorized by making a file with signed content available at a given path.

Certificate alias

A certificate alias is the name assigned to the generated certificate in the Keystore and Virtual Databases. The same name is used to refer to the certificate in other places.

Domain

The domain is the subject of the generated certificate.

Flow

To generate a new Let's Encrypt certificate:

  1. Set all fields and click the "Order" button. The Let's Encrypt API requests a certificate order.
  2. Complete the challenge returned by the Let's Encrypt API. You will find instructions in the message field.
  3. Click the "Verify" button. If you completed the challenge properly, the Let's Encrypt API generates a new Let's Encrypt certificate and places it in the Keystore and Virtual Databases under the given certificate alias.

Be careful!
If a certificate alias already exists in Heimdall, the existing certificate will be overridden with the new Let's Encrypt certificate.

Create order

After you set up all fields and click the "Order" button:

  1. The Let's Encrypt API creates your unique account at the Let's Encrypt CA if you don't have one.
  2. It sends the Let's Encrypt CA a request to create a certificate order for the given domain name.
  3. The Let's Encrypt API returns a message explaining how to prove your ownership, based on the selected challenge type.

Verify order

After you complete your challenge and click the "Verify" button:

  1. The Let's Encrypt API sends a request to the Let's Encrypt CA to verify your ownership.
  2. If verification succeeds, the API requests the certificate.
  3. The generated certificate is uploaded to the Keystore under the given alias. If a certificate with that alias already exists, it is overridden.

Extra information

You can test the API by selecting the "Use Let's Encrypt test API" checkbox.

Upload Certificate File

The Upload Certificate File section provides a way to upload your own certificate into Heimdall.

The upload certificate file interface has 3 fields:

  • Combined PEM file (a file that contains the private key and certificate in PEM format with appropriate headers).
  • Force update checkbox (if a certificate with the given alias already exists, the force flag must be checked to override the existing certificate in the Keystore and Virtual Databases).
  • Alias (the alias in the Keystore under which the certificate will be kept. By default, it is the "global_use_certificate" alias).
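
A layout check you can run on a combined PEM file before uploading it, as an added example that is not part of Heimdall or its documentation. It assumes the file should hold exactly one unencrypted private key and at least one certificate (the form above lists no passphrase field); `check_combined_pem`, `pem_block` and the sample data are constructed for illustration.

```python
import base64
import binascii
import re

# Assumption: one unencrypted private key plus one or more certificates.
KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY"}
PEM_RE = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)

def pem_block(label, der):
    """Wrap raw bytes in PEM armor (used to build the constructed samples)."""
    b64 = base64.b64encode(der).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

def check_combined_pem(text):
    """Return a list of problems; an empty list means the layout looks right."""
    problems, keys, certs = [], 0, 0
    for label, body in PEM_RE.findall(text):
        if label == "ENCRYPTED PRIVATE KEY" or "Proc-Type:" in body:
            problems.append("private key is encrypted")  # no passphrase field
            keys += 1
            continue
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except binascii.Error:
            problems.append(f"{label} block is not valid base64")
            continue
        if not der.startswith(b"\x30"):  # keys and certs are ASN.1 SEQUENCEs
            problems.append(f"{label} block is not a DER SEQUENCE")
        if label in KEY_LABELS:
            keys += 1
        elif label == "CERTIFICATE":
            certs += 1
        else:
            problems.append(f"unexpected block: {label}")
    if keys != 1:
        problems.append(f"expected exactly 1 private key, found {keys}")
    if certs < 1:
        problems.append("no CERTIFICATE block found")
    return problems

# Constructed samples: placeholder DER bytes, not real key material.
SAMPLE_OK = (pem_block("PRIVATE KEY", b"\x30\x03\x02\x01\x00")
             + pem_block("CERTIFICATE", b"\x30\x03\x02\x01\x01"))
SAMPLE_NO_KEY = pem_block("CERTIFICATE", b"\x30\x03\x02\x01\x01")

if __name__ == "__main__":
    print(check_combined_pem(SAMPLE_OK) or "OK", check_combined_pem(SAMPLE_NO_KEY))
```

The check covers file layout only; it does not confirm that the private key matches the certificate or that the certificate is within its validity period.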

Server Management Certificate

The Server Management Certificate section lets you view your current server management certificate and change it.

Flow:

  1. Choose the certificate that you want to use for server management.
  2. Click the "Commit" button to assign the new certificate to server management.

To start using the new certificate, you must restart Heimdall.