Certificates

The Certificates page lists all the certificates available in the certificate store. You can generate a new certificate or import a certificate in the Personal Information Exchange (PFX) format. You can also add, edit, and delete the certificates.

Generate Cohesity Managed Certificate

To generate a Cohesity Managed Certificate:

1. Navigate to Settings > Access Management > Certificates.

2. Click on the Certificates drop-down and select Generate.

3. In the Generate Cohesity Managed Certificate window, enter the following details:

   • Given Name – A name for the certificate that is easy to recall.

     This can be edited later.

   • Common Name (CN) - Domain name or the entity for which the certificate is issued.

   • Cluster/Region – Cluster/Region for which the certificate is generated. Only required when accessing from global mode or Data Protect mode.

   • Valid Till – Validity of the certificate. The default validity is one year.

   • Organization Issued To - [Optional] Organization to which the certificate is issued. The default value is Cohesity Inc.

   • Department Issued To - [Optional] Department to which the certificate is issued. The default value is Cohesity Inc.

4. Click Generate.

5. The new certificate will be generated and displayed on the Certificates page.

Guidelines to Generate Custom Certificate using OpenSSL

To generate a custom certificate using OpenSSL:

1. To generate a private key:

   #openssl genrsa -out tls.key 2048

2. To generate a CSR:

   #openssl req -new -key tls.key -out tls.csr

3. To self sign the certificate:

   #openssl x509 -req -in tls.csr -signkey tls.key -out tls.crt -days 365

If you require a password protected certificate, then instead of command 4 run command 5.

4. To export the certificate and the private key to PFX:

   #openssl pkcs12 -export -out tls.pfx -inkey tls.key -in tls.crt -certfile ca-chain.crt

5. To generate a password protected certificate.

   #openssl pkcs12 -export -out tls.pfx -inkey tls.key -in tls.crt -certfile ca-chain.crt -passout pass:MyStrongPassword

If you already have the certificate and private key in PEM format and only require the PFX file, then only run the commands in steps 4 or 5.

Import Custom Certificate

Certificates only in the Personal Information Exchange (PFX) format are supported.

To import custom certificates:

1. Navigate to Settings > Access Management > Certificates.

2. Click on the Certificates drop-down and select Import.

3. In the Import a Certificate window, enter the following details:

   • Given Name – A name for the certificate. This can be edited later.

   • Drag and drop the PFX certificate or click and upload the certificate file.

   • Password – Password of the protected file.

4. Click Import.

The certificate will be imported and displayed on the Certificates page.

Download a Certificate

You can download a certificate from the certificate store.

1. In the Cohesity Dashboard, select Settings > Access Management and select the Certificates tab.

2. Click the actions icon () for the required certificate and click Download.

The certificate will be downloaded in the .cer format.

Edit a Certificate

You can edit the name of the certificate.

1. In the Cohesity Dashboard, select Settings > Access Management and select the Certificates tab.

2. Click the actions icon () for the required certificate and click Edit.

3. Update the name of the certificate as needed.

4. Click Update.

Delete a Certificate

You can delete a certificate if you no longer need it.

1. In the Cohesity Dashboard, select Settings > Access Management and select the Certificates tab.

2. Click the actions icon () for the required certificate and click Delete.

3. Respond to the confirmation prompt.

4. Click Delete.