Accepting a self-signed certificate after a change
Your system is less secure if, instead of implementing signed server certificates, you accept self-signed certificates. If,
after acceptance, the self-signed certificate’s public key changes, the system negates the certificate, changes the green
shield icon on the Allowed Hosts tab to a yellow icon with an exclamation mark (
), and denies access, causing an error.
), and denies access, causing an error.
Prerequisites: You are working in
If you trust the new key, follow this procedure to accept the changed certificate. If you suspect something is wrong, investigate
further. Do not accept a self-signed certificate with a new public key unless you are confident that it is secure. Better
yet, stop using self-signed certificates and implement signed certificates, which provide server authentication as well as
encryption.
Perform the following steps:
- To access an Allowed Hosts tab do one of the following:
- To access the
- To access the platform/station Allowed Hosts list, expand Platform and double-click Certificate Management in the Nav tree. Then, click the Allowed Hosts tab.
- You may also access the platform/station stores by expanding and double-clicking CertManagerService in the Nav tree.
The tab opens. - To access the
- To confirm that the public key changed, select the certificate row in the table and click View.The certificate opens in the Detected Public Key Change window.
The screen captures show an example certificate after scrolling down to the mid-scroll and end-scroll regions.
- Confirm at least the
Issued ByandSubjectproperties.The two names should be names you recognize as belonging to your company. - Accept the self-signed certificate with the new public key, click Accept.The certificate icon changes to a green shield with a check mark.