No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

eSight V300R010C00 Maintenance Guide 07

Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Security Certificates

Security Certificates

For details about the eSight security certificate list, see the eSight Certificate List released with the version.

Certificate Category

eSight classifies certificates into the following categories by usage scope:

  • Communication bus certificate: certificates used by the JMS, JMX, and ROA buses for SSL communication.
  • Nginx certificate: certificates used by eSight clients to communicate with eSight over HTTPS.
  • Other service certificate: certificates used by other services for SSL communication. eSight provides a temporary certificate. You are advised to replace the temporary certificate with a certificate applied from the Certificate Authority (CA).

Deploying a Security Certificate

  • After eSight is upgraded, you need to import the certificate again. Otherwise, eSight will be unavailable.
  • After eSight is installed for the first time, you can use your own certificate (CA or self-signed certificate) to replace the temporary certificate.
NOTE:

You are advised to apply for a certificate from a CA. Otherwise, a certificate error or security risk notification may be displayed when you try to log in to eSight using a browser.

eSight supports self-signed and CA certificates. The following table describes their differences.

Certificate

Description

Scenario

How to Obtain

Self-signed certificate

Temporary security certificate generated during eSight installation, which is used to ensure that eSight can run properly.

eSight uses the SHA256withRSA encryption algorithm.

If customers do not have CA certificates, they can use self-signed certificates.

  • The certificate is automatically generated during eSight installation.
  • This certificate can be generated by running the certificate tool.

CA certificate

Security certificate issued by a CA.

If customers have their own CA certificates, import the CA certificates.

NOTE:

If the certificate is not in .pfx format, you need to convert the certificate format to .pfx and then import the certificate.

This certificate is applied from a CA.

NOTE:

After a CA certificate is imported, a self-signed certificate will be generated if you perform the operation of generating a self-signed certificate.

  • You need to replace the certificate before it expires. If a certificate expires, eSight will be unavailable.
Translation
Download
Updated: 2019-06-30

Document ID: EDOC1100044373

Views: 24648

Downloads: 74

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next