Using a TLS Certificate for Canary Services (version 24)
By default, Canary generates a self-signed certificate for its services that require a secure encrypted connection. This certificate, however, is not a trusted certificate. If wishing to ensure the identity of the server the user is connecting to, a trusted TLS certificate is needed.
In order to utilize a TLS certificate Canary requires that it
- Be issued by a public CA (e.g. DigiCert, GoDaddy).
- Contain a private key
- Has the desired url for its subject name
Once issued, this certificate will need installed on the server. The service which is intended to use this certificate must then be updated. This is accomplished by opening the appropriate tile within the Canary Admin client and navigating to the Configuration or Settings tab (depending on the tile) at the bottom. For example, if wishing to update Axiom's certificate information:
- Open the Axiom tile and navigate to Configuration>Endpoints.
- Under CERTIFICATE (HTTPS), select the Certificate option from the Kind drop-down menu. This will present the user with 3 parameters to fill out: the Store Name, Find Type, and Subject Name.
- Select the appropriate Store Name based upon where the certificate is installed.
- Choose the Find Type, whether you are searching by SubjectName, Thumbprint, or TemplateName.
- Enter the subject name, thumbprint, or template name value into the Subject Name field.
Once configured, the user should be able to click the 'INFO...' button and verify the details of the certificate. If the button does not appear, that indicates the service is not able to locate it, based upon the criteria provided.