(12.03-en) Web
Menu path: UMS Administration > Global Configuration > Certificate Management > Web
Overview
Here, you can manage the certificates for communication via the Web Port (default: 8443).
The Web Port is used for the following tasks:
- Device management and communication for devices with IGEL OS 12
- Provide data for the endpoint devices (WebDAV etc.)
- Provide data for other servers (High Availability; WebDAV etc.)
- Provide data for the UMS Web App
- Provide an entry point for IMI and WebStart
Use
- UMS Web App: Providing the browser with the certificate; see (12.03-en) UMS Web App: The Browser Displays a Security Warning (Certificate Error)
If you need to use an alternative certificate chain instead of the pre-installed one, see (12.03-en) Using Your Own Certificates for Communication over the Web Port (Default: 8443)
New root web certificates are deployed to IGEL OS 12 devices on reboot, see the section "If You Exchange a Root Web Certificate for IGEL OS 12 Devices" under (12.03-en) Using Your Own Certificates for Communication over the Web Port (Default: 8443).
Possible Actions
 Open the dialog Change Automatic Renewal Setting to toggle automatic certificate renewal.
The private key of the parent certificate (root CA or intermediate CA) must be known. The renewed certificate is assigned to the servers automatically.
Possible options:
- ACTIVATE automatic renewal: The end certificates in use will be renewed according to the number specified in Renew a used end certificate [number] days ahead of its expiration date.
- DEACTIVATE automatic renewal:Â The end certificates will not be renewed automatically.
 Create a root certificate.
 Create a signed certificate from the CA certificate (root or intermediate) that is currently selected.
 Remove the selected certificate from the UMS. Only certificates that are not currently in use can be removed.
 Renew the selected certificate; the dialog Create signed certificate is opened.
All settings except the expiry date (Valid until) can be left unchanged. The public key of the parent certificate (root CA or intermediate CA) must be known. Also, the expiry date of the parent certificate must be later than the new expiry date for the end certificate.
 Show the content of the selected certificate.Â
 Import a root CA certificate.
 Import a signed certificate for which the currently selected certificate is a parent certificate (root CA or intermediate CA).
 Import the decrypted private key for the selected certificate.
The private key is encrypted again when saved into the UMS Database.
 Import a certificate chain from a keystore.
 Export the certificate and its child certificates as a certificate chain to a keystore.
 Assign the selected certificate to one or more servers. For more information, see (12.03-en) Using Your Own Certificates for Communication over the Web Port (Default: 8443).