Managing Certificates
The Certificates page shows the list of Identity and CA Certificates installed on Kraken devices.
- Identity Certificates: An Identity Certificate identifies the Kraken during the authentication process when trying to establish a TLS connection in Audit or HTTPS session startup. Its Common Name or Alternate Subject Names must match the device's IP address and/or its FQDN (Fully Qualified Domain Name) if DNS is used.
- CA Certificates: A CA Certificate is normally a root certificate from a certificate authority that is generally widely known and trusted. CA Certificates are stored on the Kraken so they can be used to authenticate CA-signed certificates from audit servers. You will need to import the root certificate from the CA that signed the certificate of the configured remote audit server. It is also recommended to import the root certificate of the CA that signed your Kraken identity certificate (if you have one).
From the Certificates page, you can generate self-signed certificates and certificate signing requests (CSRs), as well as import certificates or private keys.
Tip
Kraken provides a certificate expiry status, which alerts you when your certificate is within 30 days of expiring. Statuses are as follows:
- - The certificate expires in more than 30 days.
- - The certificate expires within 30 days.
- - The certificate is expired.