HTTPS certificate is required for establishing secure management HTTPS connection to Citrix SD-WAN Orchestrator for On-premises. You can use the default HTTPS certificate available on the Citrix SD-WAN Orchestrator for On-premises GUI or upload a custom HTTPS certificate generated from any other framework such as OpenSSL or from a trusted authority. Custom HTTPS certificate allows you to have control over the security and the other subject parameters related to the certificate.
To view the default certificate, navigate to Administration > HTTPS Certificate.
In a provider managed setup, only provider administrators have access to regenerate and upload HTTPS certificate.
The Installed Certificate section provides a summary of the certificate that is installed on the appliance. The appliance uses this certificate to identify itself in the network.
The Issued to section provides details about who the certificate was issues to. The Common Name in the certificate matches with the name of the appliance, since the certificate is bound to the appliance name. The Issuer section provides the details of the certificate signing authority, who signed the certificate. The Certificate details include the fingerprint of the certificate, serial number, and the validity period for the certificate.
To regenerate the certificate, navigate to Administration > HTTPS Certificate and click Regenerate.
Regenerating the certificate disconnects any existing connected HTTPS sessions and restarts the HTTPS server. After the certificate is successfully regenerated, the GUI gets refreshed automatically.
You can generate HTTPS certificates from any other framework such as OpenSSL or from a trusted authority and upload it on the Citrix SD-WAN Orchestrator for On-premises. Certificate format supported is .crt and key format supported is .key.
To upload a custom HTTPS certificate, click Upload or drag the certificate and key files in the Upload Certificate and Upload Key boxes respectively. After successful upload, the GUI gets refreshed automatically.