The web server running on the monitoring point provides administrative access via the Web Admin and Admin API interfaces, using HTTPS for secure communications on these interfaces. The default SSL certificate is self-signed, hence users accessing the monitoring point using these interfaces will receive security warnings complaining about an untrusted or invalid certificate, or that the hostname in the certificate does not match the monitoring point’s hostname. To eliminate these warnings, you can replace the self-signed certificate/key pair with your own trusted certificate/key pair and, if provided by the Certificate Authority, intermediate/chained CA certificates.

Determine if custom certificate/key file(s) are used

Web admin

  1. Log in to Web Admin.
  2. Navigate to Monitoring Point Settings > Web Server.
    • If Default is selected, then default certificate/key file(s) are being used.
    • If Custom is selected, then custom certificate/key file(s) are being used.

Admin API

  1. Log in to Admin API
  2. Navigate to Web > GET /web/ssl/.
  3. Click Submit.
    • If the Response Body section shows custom_key_certificate as “true”, then custom certificate/key file(s) are being used.
    • If the Response Body section shows custom_key_certificate as “false”, then custom certificate/key file(s) are not being used (the default monitoring point key and self-signed certificate are being used).

curl

  1. In APM, navigate to > Manage Monitoring Points.
  2. Find the hostname of your monitoring point in the Name column of the table.
  3. Determine if custom certificate/key file(s) are being used using:

    curl -k -X GET --header 'Accept: application/json' 'https://admin:<password>@<hostname>/api/v1/web/ssl/'
    
    • If the response shows custom_key_certificate as “true”, then custom certificate/key file(s) are being used.
    • If the response shows custom_key_certificate as “false”, then custom certificate/key file(s) are not being used (the default monitoring point key and self-signed certificate are being used).

Load custom certificate/key file(s)

Web admin

  1. Log in to Web Admin.
  2. Navigate to Monitoring Point Settings > Web Server.
  3. Select Custom.
  4. Click Upload new certificates.
  5. In the Private Key/Certificate field, click .
    • Either drag or browse to the file containing the private key and trusted public key certificate (PEM format).
  6. If you have CA certificates, in the CA Certificates field, click .
    • Either drag or browse to the file containing the CA certificates (PEM format).
  7. Click Submit.
    • The file(s) are loaded.
  8. Click Confirm to restart the Web Admin interface.
    • You will lose access for up to 30 seconds. The connection will then be reestablished.
    • The custom certificate/key file(s) will be used once the web server is restarted.

Admin API

  1. Log in to Admin API
  2. Navigate to Web > POST /web/ssl/.
  3. In the key_certificate_file field, browse to the file containing the private key and trusted public key certificate (PEM format).
  4. If you have CA certificates, in the certificate_authority_file field, browse to the file containing the CA certificates (PEM format).
  5. Click Submit.
    • You will lose access for up to 30 seconds. The connection will then be reestablished.
    • The custom certificate/key file(s) will be used once the web server is restarted.

curl

  1. In APM, navigate to > Manage Monitoring Points.
  2. Find the hostname of your monitoring point in the Name column of the table.
  3. Load the custom certificate/key file(s) using:

    curl -k -X POST --header 'Expect:' --header 'Content-Type: multipart/form-data' --header 'Accept: application/json' -F key_certificate_file=@<full path to key/certificate file> -F certificate_authority_file=@<full path to CA certificate file>  https://admin:<password>@<hostname>/api/v1/web/ssl/
    
    • The custom certificate/key file(s) will be used once the web server is restarted.

Use default certificate/key file(s)

Web admin

  1. Log in to Web Admin.
  2. Navigate to Monitoring Point Settings > Web Server.
  3. Select Default.
  4. Click Submit.
  5. Click Confirm to restart the Web Admin interface.
    • You will lose access for up to 30 seconds. The connection will then be reestablished.
    • The default monitoring point key and self-signed certificate will be used once the web server is restarted.

Admin API

  1. Log in to Admin API
  2. Navigate to Web > DELETE /web/ssl/.
  3. Click Submit.
    • Custom certificate/key file(s) will be removed.
    • You will lose access for up to 30 seconds. The connection will then be reestablished.
    • The default monitoring point key and self-signed certificate will be used once the web server is restarted.

curl

  1. In APM, navigate to > Manage Monitoring Points.
  2. Find the hostname of your monitoring point in the Name column of the table.
  3. Delete the certificate/key file(s) using:

    curl -k -X DELETE "Content-Type: application/json" https://admin:<password>@<hostname>/api/v1/web/ssl/
    
    • The file(s) are removed and the web server is restarted.
    • The default monitoring point key and self-signed certificate will be used once the web server is restarted.