0

Using a TLS Certificate for Canary Services (version 24)

Knowledge Base / Version 24 / System Admin Duties / General

By default, Canary generates a self-signed certificate for its services that require a secure encrypted connection. This certificate, however, is not a trusted certificate. If wishing to ensure the identity of the server the user is connecting to, a trusted TLS certificate is needed.

In order to utilize a TLS certificate Canary requires that it

  • Be issued by a public CA (e.g. DigiCert, GoDaddy).
  • Contain a private key
  • Has the desired url for its subject name

Once issued, this certificate will need installed on the server. The service which is intended to use this certificate must then be updated. This is accomplished by opening the appropriate tile within the Canary Admin client and navigating to the Configuration or Settings tab (depending on the tile) at the bottom. For example, if wishing to update Axiom's certificate information:

  1. Open the Axiom tile and navigate to Configuration>Endpoints.
  2. Under CERTIFICATE (HTTPS), select the Certificate option from the Kind drop-down menu. This will present the user with 3 parameters to fill out: the Store Name, Find Type, and Subject Name.

  3. Select the appropriate Store Name based upon where the certificate is installed.
  4. Choose the Find Type, whether you are searching by SubjectName, Thumbprint, or TemplateName.
  5. Enter the subject name, thumbprint, or template name value into the Subject Name field.

Once configured, the user should be able to click the 'INFO...' button and verify the details of the certificate. If the button does not appear, that indicates the service is not able to locate it, based upon the criteria provided.

2 replies

null
    • erice
    • 12 hrs ago
    • Reported - view

    OK - once the Certificate is loaded and the URI added to the Axiom component, Do I need to remove the other URI? When I use the URI for the certificate, it redirects to the non-secure URI for login information, then once the log-in information is entered it redirects back to the certificate Uri. It's not clear from the steps what I am doing wrong. Can someone give me some guidence. Thanks

      • smason
      • 11 hrs ago
      • Reported - view

      You can leave or remove the original Axiom URI. It all depends on if you want users to be able to access Axiom using the old URL.

      What you probably want to do though is configure Identity to also use that same trusted certificate that Axiom is configured to use because it is still using the non-secure URI for the authentication page.

Login to reply

Content aside

print this pagePrint this page
Related Articles
Changing Canary Server Names (version 24)
Data Security (version 24)
Upgrading Canary Software (version 24)
Silent Install Option (version 24)
Using a TLS Certificate for Canary Services (version 24)
How to Back-Up Canary Software (version 24)
Relative Intervals and Datetimes (version 24)
Default Install Directories (version 24)
How to Migrate the Canary Historian to a New Server (version 24)
How to Enable the Enhanced Audit Log (EAL) (version 24)
Canary Endpoints/Ports (version 24)
Configuring Disk Space Limit For Historian (version 24)
How To Change the Data Historian Location (version 24)
Configuring the Canary System to Send Email Alerts (version 24)
How to Change the Canary Base Path Location (version 24)