Install Your Own SSL Certificate in Netreo

Netreo ships with a built-in self-signed certificate for use with SSL/TLS in order to make secure communications with Netreo simple.

If you wish to use a fully-signed certificate with Netreo, you can install one yourself through the Netreo UI.

Navigate to the the SSL/TLS Certificate Administration page (Administration > System > SSL/TLS Certificate Administration).

Then, follow the instructions below for the appropriate type of certificate you wish to install.

CA Signed Certificate

1. Click the Generate a CSR button to open the certificate signing request form.
   
2. Fill out the form and click the Submit button.
3. A certificate signing request is generated. Copy the contents into a text document and send to your certificate authority of choice. Be advised that there is no way to retrieve this text again once you have navigated away from this page—short of re-filling out the form.
   
   1. You can now navigate away from this page, or click the Return to SSL Certificate Administration button to complete another form.
   2. When you have received your certificate, return to the SSL/TLS Certificate Administration page to continue with the next step.
4. Click the Install Certificate from generated CSR button.
5. Click the Browse button to locate your certificate file, and then click the Submit button.
   1. A message will appear that your new certificate is installed and that the apache http server is restarting.
   2. Do not refresh the page after clicking Submit.
6. (Optional) If you want Netreo to automatically provide https redirection for users, click the HTTPS Redirection button.
   
   1. Enter the FQDN (or common name as seen on your certificate) of Netreo and click Submit. Netreo will restart the apache http server with https redirection.
   2. You should see a lock icon in the address bar of your browser, indicating that Netreo is now secure. Click this icon to see information about your newly installed certificate.
7. You are now finished. See Troubleshooting below for help if you experience any problems.

Wildcard Certificate

1. Click the Install Certificate and Key button.
   
   1. Click the Browse button to locate your certificate file.
   2. Click the Browse button to locate your key file.
   3. Click the Submit button.
      1. A message will appear that your new certificate is installed and that the apache http server is restarting.
      2. Do not refresh the page after clicking Submit.
2. (Optional) If you want Netreo to automatically provide https redirection for users, click the HTTPS Redirection button.
   
   1. Enter the FQDN (or common name as seen on your certificate) of Netreo and click Submit. Netreo will restart the apache http server with https redirection.
   2. You should see a lock icon in the address bar of your browser, indicating that Netreo is now secure. Click this icon to see information about your newly installed certificate.
3. You are now finished. See Troubleshooting below for help if you experience any problems.

Other Certificate Types

Installation of certificate types other than self-signed and wildcard single certificates is not supported through the Netreo UI.

To install certificate chains or certificates with Subject Alternative Name (SAN) values, contact Netreo support. Our support engineers will be happy to install those certificate types in Netreo for you.

Troubleshooting

If, after installing your certificate, you experience any unexpected behavior—such as your browser not showing Netreo as secure after installing a certificate—try clicking the Restart HTTP Server button on the SSL/TLS Certificate Administration page. This will immediately restart Netreo's apache http server, which often solves minor issues.