Loading a Certificate to a CTERA Edge Filer

A TLS certificate is a digital credential that ensures secure communication by encrypting data exchanged between the connected clients to the CTERA Edge Filer.

A customer that uses a privately issued certificate on the CTERA Portal is required to upload the root CA to the CTERA Edge Filer so that the edge filer is trusted by the CTERA Portal. The certificate covers the following:

• The connection between the edge filer and the portal.
• When the object storage used by the CTERA Portal is accessed by Direct Mode and uses a X.509 Certificate signed by a private Certification Authority (a self-signed certificate) and not a public trusted certificate.
• The connection between the edge filer and a Syslog server.

The edge filer includes a self-signed certificate. Details of this certificate are displayed by accessing System > Certificates in the navigation pane.

Managing TLS Certificates

To import a TLS certificate to the CTERA Edge Filer:

1. In the Configuration view, select System > Certificates in the navigation pane.
   
2. Under TLS Certificate click Import TLS Certificate.
   
3. Paste the private key for the certificate in the top text box.
4. Paste the TLS certificate in .pem format in the bottom text box.
   The TLS certificate should be similar to the following example.
   
5. Click Save.

The certificate is imported to the edge filer:

Restoring the Edge Filer Self-signed Certificate

To restore the self-signed edge filer TLS certificate:

1. In the Configuration view, select System > Certificates in the navigation pane.
   
2. Under TLS Certificate click Regenerate self-signed certificate.
3. Click OK in the confirmation window to overwrite the existing certificate.
   The certificate is successfully regenerated. However, the edge filer no longer recognizes the old certificate and an internal error is displayed.
   
4. Proceed back to the edge filer to redisplay the Certificates screen with the regenerated certificate.

Any certificate that was installed to replace the self-signed certificate supplied by CTERA is overwritten with the original self-signed certificate supplied with the edge filer by CTERA.

Additionally Trusted Certificate Authorities

CTERA recognizes the most commonly trusted certificate authorities, such as DigiCert, GoDaddy, Thawte, and Verisign.

If you want to add a certificate authority that you trust, you can import the certificate authority to the edge filer list and all certificates from that authority will be trusted.

To add a trusted CA to the CTERA Edge Filer:

1. In the Configuration view, select System > Certificates in the navigation pane.
   
2. Under Additionally Trusted Certificate Authorities click Import Certificate Authority.
   
3. Paste the trusted root certificate.
4. Click Save.

The CA is added.

To remove a trusted CA to the CTERA Edge Filer:

1. In the Configuration view, select System > Certificates in the navigation pane.
   
2. Select the CA to remove from the edge filer trusted list.
   
3. Click Remove Certificate.