Add a Device Certificate

a device certificate (or ssl certificate) is a digital certificate that provides proof of the device's identity (belden horizon data operations instance) a device certificate for your belden horizon data operations instance is not required as the connection is already secured with an automatically generated self signed certificate refer to the self signed certificates and device certificates sections in docid\ ttrfaum 67ggto42db7xq for more information ssl certificate workflow refer to the image and descriptions below to review the process of adding an ssl certificate to belden horizon data operations (bhdo) or belden horizon data manager (bhdm) step 1 you will need to request an ssl certificate from your it team step 2 your it team will make a request for the ssl certificate from a certificate authority (ca) (for example, digicert) step 3 the ca will return the following to your it team the root ca certificate file any required intermediate certificates the ssl certificate file step 4 the it team will send you the following the root certificate file any required intermediate certificates the ssl certificate file the private key file step 5 you will apply the following in either belden horizon data operations (see steps below) or belden horizon data manager (see docid\ wkqexutqsdz2royibzbik ) the ca chain file (root ca file and all intermediate certificates) the ssl certificate the private key file you can add a device certificate in belden horizon data operations by navigating to system > certificates before you begin before you complete the steps below, make sure you do the following verify you have admin credentials for belden horizon data operations have access to a linux system verify that the the certificate you upload is an nginx certificate submit the certificate signing request in belden horizon data operations to a certificate authority and subsequently receive the device certificate with all required parameters (ca chain and private key) see docid 4jqzgzqjnxr2l07fm9 ns for details confirm with your it department if you require a custom ca certificate to be uploaded to belden horizon data operations before you add a device certificate if you need to upload a custom ca certificate, see docid\ clqxeu0gvlu0h8ehochcu for details step 1 create a backup of your device you will first need to create a backup of your device in case you need to recover its configuration settings follow the steps to docid 3pd38oj5fftb79fips5e8 step 2 generate key certificates you will need to collect the following parameters to create the device certificate ssl certificate the public key certificate associated with the device certificate you will receive the ssl certificate from the certificate authority after submitting the belden horizon data operations certificate signing request ca chain the certificate authority's chain of certificates that validates the device certificate's public and private keys when validating this parameter, make sure it includes all intermediate certificate authorities private key the private key certificate associated with the device certificate you will receive the private key from the certificate authority after submitting the belden horizon data operations certificate signing request to successfully submit the private key, ensure the following the private key is an rsa private key if the private key is not rsa, you will need to convert it using openssl you can use the following command openssl rsa in \<old file name> out \<new file> the private key is not encrypted if the private key is encrypted, follow up with your it department to decrypt it the steps below are an example to generate certificates locally you can obtain them from your organization’s it department note this action must be performed in a linux system outside belden horizon data operations to generate key certificates log in to a linux system enter the following command docker run name servercerts v /users/projects/docs/data/certificates/cert /certs e ca expire=365 e ssl expire=365 e ssl key=server key pem e ssl cert=server cert pem e ssl csr=server csr e ssl subject=localhost paulczar/omgwtfssl open the private key file in an editor of your choice to check if the key file is rsa the first line should look like this \ begin rsa private key step 3 add the device certificate you will now need to add the device certificate in belden horizon data operations to add a device certificate navigate to system > network click the certificates tab from the device certificates section, click the add icon the add certificates dialog box appears for ssl certificate , ca chain , and private key fields, do one of the following click the upload icon and select the certificate/key file paste the certificate/key into the field click submit step 4 restart the system the final step is to restart the system and verify the certificate appears in the certificates pane to restart the system from the certificates pane, navigate to system > device management the device management pane appears from the manage section, click reboot the system reboots once the system has restarted, log in and navigate to system > network > certificates verify the certificate appears in the certificates pane