Uploading Certificates

Describes how to upload certificates through the Certificate Repository screen.

To upload certificates:

  1. On the ESA Web UI, navigate to Settings > Network > Certificate Repository.

    Certificate Repository screen

  2. Click Upload New Files.

    The Upload new file to repository dialog box appears.

    Upload Certificate screen

  3. Click Certificate/Key to upload a certificate file and a private key file.

CAUTION: Certificates have a public and private key. The public key is mentioned in the certificate and as a best practice the private key is maintained as a separate file. In ESA, you can upload either the certificate file or both certificate and private key file together. In ESA Certificate Repository, it is mandatory to upload the certificate file.

CAUTION: If the private key file is inside the certificate, then you have the option to upload just the Certificate file. The DSKs are identified using the UID column that displays the Key Id.

> **Note:** It is recommended to use private key with a length of 4096-bit.
  1. Click Choose File to select both certificate and key files.

  2. Enter the required description in the Description text box.

  3. Click Upload.

    CAUTION: If the private key is encrypted, a prompt to enter the passphrase will be displayed.

The certificate and the key file is saved in repository and the Certificate Repository screen is updated with the details.

When you upload a private key that is protected with a passphrase, the key and the passphrase are stored in the hard disk. The passphrase is stored in an encrypted form using a secure algorithm. The passphrase and the private key are also stored in the system memory. The services, such as Apache, RabbitMQ, or LDAP, access this system memory to load the certificates.

If you upload a private key that does not have a passphrase, the key is stored in the system memory. The services, such as Apache, RabbitMQ, or LDAP access the system memory to load the certificates.

If you are using a proxy server to connect to the Internet, ensure that you upload the required custom certificates of that server in ESA from the Certificate Repository screen.

Last modified January 30, 2025