Certificates

the certificates pane is used to store certificates locally in belden horizon data operations self signed certificates when your instance of belden horizon data operations boots up for the first time, a self signed certificate is automatically created because the certificate generated by belden horizon data operations is self signed, web browsers detect that the certificate is not formally approved by a certificate authority that is why you will get browser warnings that the connection is not private/secure see docid 9s6ciystbmcm1t35ghauz for more information despite these warnings, all communication through belden horizon data operations and belden horizon data manager is done through https , which means it's encrypted end to end and the connection is always secure belden horizon data operations gives you the option to upload certificates and copy device public keys as required by your organization device certificates a device certificate (or ssl certificate) is a digital certificate that provides proof of the device's identity (belden horizon data operations instance) if required by your organization, you can replace the self signed certificate generated by belden horizon data operations with your own device certificate when you upload a device certificate, the connection to the device is validated as a secure connection for details on uploading a device certificate, see docid\ lz86nnl8p2psxmw5t8eh device certificate use cases you are not required to upload a device certificate for your instance of belden horizon data operations, but your organization may decide to upload one for the following use cases your organization's it policies require proper signed certificates for your belden horizon data operations instance your organization requires a domain name and any respective certificates to be attached to your belden horizon data operations instance device certificate requirements the certificate you upload must be an nginx certificate when uploading a device certificate, you will need to provide the following parameters ssl certificate the public key certificate associated with the device certificate ca chain the certificate authority's chain of certificates that validates the device certificate's public and private keys when validating this parameter, make sure it includes all intermediate certificate authorities private rsa key the private key certificate associated with the device certificate reset device certificates you have the option of using the reset to self signed device certificate function for device certificates this replaces the existing certificate with the automatically generated self signed one and creates a new expiry date for the certificate before you reset the certificate, verify that any system communicating with belden horizon data operations will not be negatively affected, as this invalidates all active ui sessions and the receiving of data from external sources custom ca certificates a ca certificate is a digital certificate issued by a certificate authority (ca) the ca certificate allows valid and secure connections between belden horizon data operations and other systems learn more about https //en wikipedia org/wiki/certificate authority from wikipedia to create a valid and secure connection between belden horizon data operations and belden horizon data manager, a custom ca certificate needs to be generated to complete this specific task, see docid\ dx7ltfke9hcgpqpjom du for details to upload a custom ca certificate not related to validating communication between belden horizon data operations and belden horizon data manager, see docid\ clqxeu0gvlu0h8ehochcu important when uploading a custom ca certificate, make sure the file is in crt format and that x509 encoding is used custom ca certificate use cases you can upload custom ca certificates for the following use cases enable a valid connection between belden horizon data operations and belden horizon data manger by providing the belden horizon data manager url as the endpoint for this specific use case, see docid\ dx7ltfke9hcgpqpjom du for details depending on the specific requirements of your organization, upload any required certificates provided by private cas if you are using integrations to connect to cloud services, some of these services may use custom certificate authorities that are not available from the trusted ca store in the belden horizon data operations instance in this scenario, you would need to add these ca certificates to the list of trusted custom ca certificates if you have a private docker registry, the applications marketplace refuses to connect to the registry because it is unable to validate the certificate you would then need to manually update the custom ca certificates device public keys the device public key is the belden horizon data operations system's identity/device footprint it is not related to certificates if your organization requires public keys to be accepted, you can copy it from the identity tab identity certificates identity certificates are required when a connection between a device (belden horizon data operations instance) and another service needs to be authenticated for example, when a connection is set up between belden horizon data operations and belden horizon data manager, an identity certificate is created that can be viewed in belden horizon data operations belden horizon data operations can have multiple identity certificates signed by different authorities when you create a connection between belden horizon data operations and belden horizon data manager, an identity certificate is automatically created that can't be deleted from belden horizon data operations certificate signing requests a certificate signing request (csr) is used to apply for an ssl/tls certificate the csr contains information that the certificate authority will use to create the certificate, such as common name, organization, and country it also contains the public key that will be included in your certificate and is signed with the corresponding private key you can copy/download the certificate signing request in belden horizon data operations and send it to a certificate authority for authorization the certificate authority can then send back a signed identity certificate you can then install this identity certificate in belden horizon data operations see docid\ tqytcaozfiyrij mxb kg and docid 4jqzgzqjnxr2l07fm9 ns for more details access system certificates ui in the belden horizon data operations navigation panel, navigate to system > network > certificates next steps docid\ lz86nnl8p2psxmw5t8eh docid\ clqxeu0gvlu0h8ehochcu docid\ jkh8emyyhziz8jshhvow3 docid\ tqytcaozfiyrij mxb kg docid 4jqzgzqjnxr2l07fm9 ns