Specifications

ManualsBrandsADTRAN ManualsComputer equipmentBlueSecure Controller

221

222

223

224

225

226

227

228

229

230

Chapter 11: Web Logins

11-26

2. Upload the certificate as follows:

a) Mark the BSC Client Certificate radio button.

b) Click Browse, locate the file for the new certificate on your computer, and then

click Upload to upload it to the BSC.

3. Click the Web Logins tab in the administrator console, and then click the SSL

Certificate tab.

The SSL Certificate Generation page appears.

4. Mark the Use an uploaded PKCS #12 certificate checkbox on the SSL Certificate

Generation page. In the Select certificate for Login drop-down list, choose the

certificate you uploaded earlier. There is no need to complete the remaining text

boxes in this page.

5. Click Process to store the information and enable the PKCS #12 certificate as the

6. Many providers issue certificates that certify the requester's host name rather than an

IP address. If your certificate is host name-based, you must ensure that:

• The Redirect to hostname checkbox is checked in HTTP settings in the General

tab. For more information on this option, see “HTTP Server Settings” on page 10-

• The host name is registered in your organization's DNS table.

)

Special note about Certificate Revocation Lists

Some CAs put additional information into the certificates they issue, supplying the URL for

a Certificate Revocation List (CRL), which lists those certificates the CA has decided not to

certify any more. (This may happen, for example, for a web site that has been found to

install malicious software – the CA may decide not to vouch for the information about that

web server any more.)

If you use a certificate from a CA that publishes a Certificate Revocation List on the web,

there will be a URL address for the CRL in the root certificate, or the Web SSL certificate,

or in one of the chain certificates. You can see this address if you view the certificate

using the BSC option or other software.

If you use a certificate from a CA who uses CRLs, you will need to change the settings for

the “unregistered” role and all other roles to allow access to this special CRL. Otherwise,

some browsers may block users from logging in.

Recovering the Private Key

When you submit a CSR to a certificate provider, a private key for the certificate is also

generated and stored on the BSC. If the private key is lost or corrupted for any reason,

the certificate will no longer work. For that reason, it is good practice to either back up

the BSC database (as described in “Backup” on page 16-3) or download the private key

to your computer (as described on page 11-24) so that you can upload the “known

good” key to the BSC later.

To recover a previously saved or downloaded private key:

1. Click the Web Logins tab in the administrator console, and then click the SSL

Certificate tab.