Skip to content

Certificate Management

Warning

Mideye Server 5 is no longer updated, and new installations are not supported. Only existing Mideye Server 5 installations and upgrades are supported. Please use Mideye Server 6 for new installations and continued support.

Certificate Management allows management for:

  • the LDAPS bind when using an encrypted connection to a configured LDAP-server such as Active Directory
  • the certificate for the Mideye Web GUI.

To accessCertificate Management, navigate to “Configuration” → “Certificate Management”. An overview of all the imported and fetched certificates will be shown.

Overview of all certificates on the Mideye Server

Import a new certificate

To import a new certificate, click “Import”. Then choose to import a certificate for LDAPs or Mideye Web GUI.

Import certificate selection page

Certificate for LDAPs

Info

Allowed certificate formats for LDAPs are: cer, pem and crt.

When importing a new LDAPS certificate, make sure that the certificate is present on the actual domain controller as well. Then follow these steps to import the certificate:

  1. Choose "Certificate for LDAPs".
  2. Click on "Choose File" and upload the file to the Mideye Server.
  3. Click "Import".
  4. The certificate will now show up in the "Certificate Management".
  5. Go to the LDAP profile and test the connection.

Certificate for Mideye Web GUI

Info

Allowed certificate formats for Mideye Web GUI are: pfx and p12.

  1. Choose "SSL/TLS certificate for Mideye Web Admin"
  2. Click on "Choose File" and upload the file to the Mideye Server.
  3. Enter the password for the certificate keystore file.
  4. If the private key entry has a different password, check the box and enter the second password.
  5. Click "Import".
  6. The certificate will now show up in the "Certificate Management".
  7. Use a web browser to go to the Mideye Web GUI and check in the browser that the correct certificate is being used.

Monitoring of certificate expiery

The expiry of imported certificates is monitored and presented in the dashboard of the Mideye Web GUI. The server also starts to issue warnings to the log files 10 days before imported certificates expire.

Troubleshooting

How do I get a .pfx file?

Read more in the Knowledge base on how to convert a CSR or .cer file into a .pfx file.

The wrong certificate is being used in the web browser

If the wrong certificate is being used in the web browser you might have to point to the right certificate in the Mideye Server keystore.

  1. Log in to the Web GUI
  2. Go to “Configuration” → “Certificate Management”.
  3. Click on the certificate and note the certificates "Alias".
  4. Go to the server containing the Mideye Server.

  5. Use a text editor and open the following file:

    Windows: C:\Program Files (x86)\Mideye Server 5\config\application-prod.yml Linux: /opt/mideyeserver/config/application-prod.yml

  6. Add the "Alias" string from step 3 to the file, in this example the "Alias" is webadmin. If the "Alias" ends with a 0, like webadmin0, remove the 0.

    server:
  port: 8443
  ssl:
    key-store: C:\Program Files (x86)\Mideye Server 5\config\keystore.pfx
    key-store-password: "123456789"
    enabled: true
    key-alias: webadmin
  compression:
    enabled: true
    mime-types: text/html,text/xml,text/plain,text/css, application/javascript, application/json
    min-response-size: 1024
    It now points to the Alias that the new certificate is using.