To use HTTPS/SSL, not only an SSL key pair is required on the Management Unit, but also a (digital) SSL certificate. This server certificate performs the following two tasks:
The certificate is always system-specific (contains the FQDN) and proves the online identity of the system concerned for the browser on the administration PC.
The certificate provides the public key with which the browser encrypts its messages to the server on the administration PC.
A self-signed, system-specific certificate which was generated on the system is preinstalled as the standard certificate on each Management Unit.
You can also use other certificates instead of the preinstalled self-signed certificate. The following options are available:
Use of a self-signed certificate
The certificate must comply with the X.509 standard with PEM encoding and the certificate file must have the suffix .key.A certificate of this type is preinstalled on the system as the standard certificate. It must be explicitly confirmed or imported on any browser with which the SE Manager operates.
Use of a customer-specific certificate (signed by a customer CA)
If the customer-specific policy specifies the use of such a certificate, it can simply be installed.
The certificate is as a rule derived from a customer-specific root certificate. Such a certificate is known to the browsers the customer uses and is accepted without an inquiry (i.e. without being confirmed or imported).
Use of a commercial certificate (signed by a root CA)
A certificate of this type is created for a fee by a trusted root certification authority (CA) and is therefore known to all browsers. Consequently every browser accepts such certificates without an inquiry.