Install a Customer CA Certificate Chain

Conductor supports installing custom certificates to replace the default Tempered Networks factory-installed certificate chain. These steps help you get started installing a custom CA chain into the Conductor.

Before installing custom certificates on Conductor and HIPservices, you need to upload the intended certificate chain to Conductor. To install a custom certificate authority chain:
  1. Log in to the Conductor with a System Administrator account.
  2. Go to Settings > General Settings > Certificates and click Install CA Certificates.
  3. Upload a concatenated PEM file containing all of CA chain certificates. This is the certificate chain against which Conductor validates the signed Certificate Signing Request.
  4. Conductor checks that the uploaded certificates validate the chain of trust and are not expired.
Once the custom CA Chain has been installed, the Conductor and individual HIPswitch custom certificates can be provisioned:
  1. Provide the Identity (Distinguished Name) of the Conductor or HIPswitch for your Enterprise. For example, /C=US/O=TemperedNetworks/OU=Example/CN=conductor.example.com
  2. Submit the Certificate Signing Request (CSR) generated by the Conductor or HIPswitch to your Enterprise PKI Registration Authority.
  3. Upload the custom-CA signed Certificate into the Conductor. This will install the certificate on the Conductor or HIPswitch.
Important: For Conductors in HA environments, both Conductors must not be HA paired to upload and install custom certificates. Follow the above steps for each Conductor. Once complete, HA pair the Conductors.