Create a trusted SSL certificate through the REST API
By default, sensors and consoles include a self-signed SSL certificate. However, you can improve the security and performance of your system by adding a trusted certificate signed by a certificate authority (CA). You can create the certificate signing request to send to your CA through the ExtraHop REST API. After you receive the signed certificate, you can also add it to your sensor or console through the REST API.
Before you begin
- You must log in to the sensor or console with an account that has system and access administration privileges to generate an API key.
- You must have a valid API key to make changes through the REST API and complete the procedures below. (See Generate an API key.)
- Familiarize yourself with the ExtraHop REST API Guide to learn how to navigate the ExtraHop REST API Explorer.
Note: | You can also perform the procedures in this topic through the Administration settings. For more information, see the following topics: |
Create an SSL certificate signing request
To create a signed SSL certificate, you must send a certificate signing request to a trusted CA.
Important: | The REST API Explorer is not available on Reveal(x) 360. |
Next steps
Send the signing request to your CA to create your signed SSL certificate.Important: | The signing request contains escape sequences that represent line
breaks (\n). Replace each instance of \n with a line break before sending the
request to your CA. You can modify the PEM request manually in a text editor or
automatically through a JSON parsing utility, as shown in the following example
command:echo '<json_output>' | python -c 'import sys, json; print json.load(sys.stdin)["pem"]' Replace the <json_output> variable with the entire JSON string returned in the Response Body section. |
Thank you for your feedback. Can we contact you to ask follow up questions?