Install a Custom CA Certificate Chain

You can install or replace a custom CA Certificate chain for the Conductor, which allows the Conductor to generate the CSRs you need to get signed certificates, and so the Conductor can verify the signed certificates you install. When you install custom certificates, they replace the default Tempered factory-installed certificate chain.

Before installing custom certificates on Conductor and Airwall Edge Services, you need to upload the intended certificate chain to Conductor. To install a custom certificate authority chain:

  1. Log in to the Conductor with a System Administrator account.
  2. Go to Settings > General Settings > Certificates.
  3. To install certificates initially, select Install CA certificates.
    To replace certificates, select Replace CA certificates (supported in v2.2.8 and later)
  4. Select Choose File and select a concatenated PEM file containing all of CA chain certificates (the full CA chain including the root). This is the certificate chain against which Conductor validates the signed Certificate Signing Request.
  5. Select Upload.
The Conductor checks that the uploaded certificates validate the chain of trust and are not expired. You can now Add or Replace a Signed Certificate for the Conductor UI.