About SSL Web Server Certificates
An SSL web server certificate authenticates the identity of a
web site and encrypts information passed between the web server
and the web client using Secure Sockets layer (SSL) technology.
A default self-signed SSL certificate is provided with the MSL
server at no additional cost. You can instruct remote users to install
this certificate in their workstations in order to prevent the “Certificate
Error: Navigation Blocked” message from appearing when they attempt
to log in to the MSL Server Manager.
For enhanced security and ease of use, obtain a signed SSL certificate
from a third-party Certificate Authority (CA). Two options are available:
- Let's Encrypt: Let’s Encrypt is a free, automated, and open
Certificate Authority. It enables you to obtain a valid SSL certificate
simply by providing your domain settings and then clicking a button.
The acquired certificate is monitored and renewed automatically.
This service is supported on single-server, standalone MSL systems
that are accessible to the Internet.
- Other 3rd-Party: An alternative third-party Certificate Authority
issues an SSL certificate upon request, typically for a fee. Companies
such as Entrust and GoDaddy provide such services. To obtain a generic
SSL certificate, you must first generate a Certificate Signing Request
(CSR) on the MSL system and send it to the CA. The CA will then
return a package containing your web server certificate, plus any
intermediate certificates that are required to maintain the certificate
key chain. Optionally, you can download the SSL certificate and private
key from the local MSL server, and upload these files to other servers
in your domain.
As with the self-signed SSL certificate, a third-party SSL certificate
enables remote users to log in to the MSL
Server Manager without receiving an error message. It also allows users
to establish connections and receive their deployment configurations.
For more information and programming instructions, see: