Auto generate certificates

Access Gateway can assign both wildcard and hostname certificates. In addition, Access Gateway can generate and associate certificates with applications.

Certificates are used with applications in one of several ways:

  • Certificates can be generated when an application is created.
    Generated certificates are self-signed and mainly used for development and testing of the application in non-production environments.
  • Certificates can be uploaded to Access Gateway using the Access Gateway Management console.
    When new certificates are loaded for the same domain, they overwrite any existing certificates.
  • Certificates are assigned to applications using the Access Gateway Admin UI console, by application.

When initially creating an application, the following logic is used to associate certificates with the application.

  1. If a certificate already exists for the application domain, then the application uses the existing certificate.
    The certificate could have been created automatically, or loaded through the management console.

  2. If the certificate doesn’t exist, then a self-signed wildcard or hostname certificate is created and associated with the application.

After application creation, certificates can be associated with applications by common name. See Associate certificates for more information.

Topics

Hostname Certificates

To use an auto-generated hostname certificate in the Access Gateway:

  1. Navigate to the Access Gateway Admin UI console.
  2. Select the Applications tab.
  3. In the Settings tab, expand Advanced.
  4. Ensure the Certificate Type toggle is enabled.
  5. Save the changes, or cancel as required.
  6. In the same row click the Goto Application icon and choose IDP or SP initiated.
  7. When the application is reached, click the Not Secure button to the left of the application URL.
  8. Click Certificate.
  9. Note: For hostname certificates, the domain shown in the “Issued to:” field shows the fully qualified domain name (FQDN) of the host server.

Wildcard Certificates

When an application is created and no certificate has been loaded that corresponds to the application’s domain, a certificate is generated. The following steps detail how to create applications using wildcard and hostname certificates.

To use an auto-generated wildcard certificate in the Access Gateway:

  1. Navigate to the Access Gateway Admin UI console.
  2. Select the Applications tab.
  3. Click the pencil icon in the row containing the application which should be associated with the certificate.
    In this tutorial we use the Sample Header App.
  4. In the Settings tab, expand Advanced.
  5. Ensure the Certificate Type toggle is disabled.
  6. Click Done.
  7. In the same row click the Goto Application icon.
  8. When the application is reached, click the Not Secure button next to the application URL.

    Note

    This tutorial uses Google Chrome. Other browsers have similar functionality but may use different steps.

  9. Click Certificate.

    The certificate associated with the application is then displayed.

    Note

    With wildcard certificates, the domain shown in the Issued to: field is prefixed by an * (asterisk) to show this certificate can be used for any hostname that is in the application's domain.
    Note the Issued by: field, indicating this is a self-signed certificate.
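
The checks described in the hostname and wildcard notes above (Issued to: showing an FQDN or an asterisk-prefixed domain, Issued by: indicating a self-signed certificate), as an added Python example that is not part of Access Gateway or its documentation. It goes beyond the page by applying the standard rule that a wildcard covers exactly one leftmost label; the hostnames, the CA name and the function names are constructed, and treating Issued by: equal to Issued to: as self-signed is an assumption.

```python
"""Review certificates by their "Issued to:" / "Issued by:" values (added example)."""


def covers(issued_to: str, hostname: str) -> bool:
    """True if the certificate name covers hostname.

    A hostname certificate must match the FQDN exactly. A wildcard
    (*.domain) matches exactly one leftmost label, so it covers neither
    the bare domain nor hosts nested more than one level below it.
    """
    name = issued_to.lower().rstrip(".")
    host = hostname.lower().rstrip(".")
    if not name.startswith("*."):
        return name == host
    suffix = name[1:]                      # "*.example.com" -> ".example.com"
    if not host.endswith(suffix):
        return False
    label = host[: -len(suffix)]           # part matched by the asterisk
    return bool(label) and "." not in label


def review(app_host: str, issued_to: str, issued_by: str):
    """Return (certificate kind, findings) for one application."""
    kind = "wildcard" if issued_to.startswith("*.") else "hostname"
    findings = []
    # Assumption: issuer equal to subject is treated as self-signed.
    if issued_to.lower() == issued_by.lower():
        findings.append("self-signed")
    if not covers(issued_to, app_host):
        findings.append("name-mismatch")
    return kind, findings


# Constructed sample rows: (application host, Issued to, Issued by).
SAMPLE = [
    ("header.example.com", "*.example.com", "*.example.com"),
    ("header.example.com", "header.example.com", "header.example.com"),
    ("a.b.example.com", "*.example.com", "*.example.com"),
    ("example.com", "*.example.com", "Example Internal CA"),
    ("portal.example.com", "portal.example.com", "Example Internal CA"),
]

if __name__ == "__main__":
    for host, to, by in SAMPLE:
        kind, findings = review(host, to, by)
        print(f"{host:22} {to:22} {kind:9} {', '.join(findings) or 'ok'}")
```

Any row reported as self-signed outside a development or test environment is a candidate for replacement with an uploaded certificate.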
