Add or Replace a Signed Certificate on an Airwall Gateway for Conductor Communication
By default, the Airwall Gateways come with a Tempered factory-installed certificate. You can add your own custom CA certificate to use for Conductor communication.
- Supported Versions
- 2.2.10 Airwall Gateways and Conductor
- Supported on these Airwall Edge Services
- Airwall Gateways
Before you Begin
Before you can upload or replace a signed certificate, you need to have a CA certificate chain installed so that the Conductor can verify the certificates. For more information, see Install a Custom CA Certificate Chain.
Step 1: Request and copy a CSR (Certificate Signing Request) for the Airwall Gateway
Once you’ve installed CA certificates (see Install a Custom CA Certificate Chain), you can generate a Certificate Signing Request (CSR) to create a certificate (for example, with a PKI Registration Authority) for Airwall Gateway to Conductor Communication:
- In Conductor, open the Airwall Gateway for which you want to add a custom CA certificate.
-
Go to
.Note: If the PKI tab is not visible, either the Conductor doesn't have custom CA certificate chain uploaded and you need to Install a Custom CA Certificate Chain, OR the Airwall version is not 2.2.10 or later.
-
Select Get certificate.
If you are replacing a certificate, open the Actions menu on the existing certificate and select Replace certificate.
-
If you're adding a new certificate, under Distinguished
Name, enter the Identity (Distinguished Name) for the
certificate. For example,
/C=US/O=Tempered/OU=Dev/CN=cond.example.com
Note: If you’re replacing a certificate, the Distinguished name remains the same. - Select Request CSR.
- Under CSR, select either Copy or Download to generate and get the CSR you need to get a signed certificate.
- Select Cancel to close the dialog, or leave it up while you get the signed certificate.
Step 2: Get a signed certificate
Use the CSR to request a new signed certificate. You can generate a new signed certificate using your organization’s own process, or with a public PKI Registration Authority.
- Submit the Certificate Signing Request (CSR) you copied or downloaded to your Enterprise PKI Registration Authority. They use it to create your certificates.
- When you get the certificates, download or copy them.
Step 3: Upload the signed certificate to the Airwall Gateway
- In Conductor, open the Airwall Gateway for which you have a custom CA certificate.
- Go to .
- Open the Actions menu on the existing certificate and select Edit
-
Under Signed Certificate, paste the custom-CA signed
certificate to install the certificate on the Airwall Gateway.
- Select Save.