Upload a default SSL certificate

You can set a domain-wide default SSL client certificate for a domain by uploading an SSL certificate to the domain. Any liveness tests using the secure protocols use the default certification, unless they are overridden by a liveness test specifying its own certification.

Before you begin

Make sure that you selected RSA as the SSL key type when you created a PEM-formatted default SSL certificate that you want to upload to an GTM domain. If you selected an SSL key type other than RSA, for example, EC private key, you will receive the following error:
certificate is not valid PEM format

The domain must have Edit scope access to perform this procedure.

You must upload the default SSL certificate in an existing domain. The Add New Domain page does not provide a default to upload certificates.

How to

  1. On the Traffic Management Domains, select the domain that you want to revise. The Edit Domain Settings page appears.
  2. Click the Settings tab to show the domain's settings. Note the Default SSL Certificate text and Manage Default SSL Client Certificate button at the bottom of the page.
  3. Click Manage Default SSL Client Certificate. A new window opens displaying information to manage the certificate upload.
    If the domain does not have a default certificate set, then the Certificate Status indicates that the "SSL Client Certificate is not currently set."
  4. To upload a PEM formatted certificate file, click Choose File. If Subject and Expires fields appear under the Certificate Status heading then the upload is successful.
    If the certificate has not expired, a Clear button appears under the status and the Save button is enabled.
    If the certificate has expired, a message appears indicating that status.
    Note: Expired certificates are not allowed.

    If you want to remove the SSL certificate, click Clear.

    Click Cancel to return to the Settings tab.

  5. Click Save if the certificate information is correct.
    Clicking the Save button will display a green banner with the text "The action has been completed." at the top of the page. You will also see green text that reads "Default SSL Certificate has been modified" next to the Manage Default SSL Client Certificate button.
  6. Click Add to Change List and then click Review Change List.
  7. Review the Change List Dialog changes, validate them, add a required comment, and click Activate Domain to save them.
    See Change List Detail Dialog for more information.