Certificates
Administration of SSL certificates
Last updated
Was this helpful?
Administration of SSL certificates
Last updated
Was this helpful?
This section allows admins to manage SSL Certificates. There are three kinds of certificates, each with its own tab:
Server Certificates, so that clients (end users) can communicate with Link11 WAAP using HTTPS.
CA Certificates, so that clients can communicate with Link11 WAAP using mTLS.
Server-to-Backend mTLS Certificates, so that Link11 WAAP can communicate with customer backends using mTLS.
Similarly, CA Certificates are also used in Server Groups. However, they are only available in the interface when using AWS NLB (Network Load Balancing). When using a Link11 load balancer, please contact support.
The list of currently defined Certificates is displayed in each tab. From here, new certificates can be generated, or existing ones can be edited.
All three types of certificates are administered using the same procedures, described below.
Selecting the + New button displays the Upload Certificate dialog:
Certificates can be added manually, or L11WAAP can parse a PFX file.
When an existing Certificate is edited, the Edit Certificate dialog appears:
Let's Encrypt is a free certificate authority service. L11WAAP integrates with it, and offers this service by default.
Once a day, L11WAAP will check each application it protects. If that application's certificate is going to expire in the coming week, and its Auto Replacement by Let's Encrypt option for that certificate is enabled, L11WAAP will generate a new certificate using Let's Encrypt, and will attach all of its sites to the new certificate.
This tab includes a list of Server Groups. Selecting one will connect this Certificate to it.
This tab includes a list of Certificates defined within the system. Selecting one and then clicking Save will result in all sites/applications being transferred from the selected Certificate over to the Certificate you're currently editing.
This will download the certificate information as a file in PFX format.
Out of the box, Link11 offers management of Server Certificates. To enable management of one or both of the other two types of certificates, follow the instructions here: .
Server Certificates can be attached to , or to domains via .
Server-to-Backend mTLS Certificates are used in .
By default, Link11 WAAP offers admins the ability to auto-replace certificates using Let's Encrypt, and to download certificates in PFX format. To remove these features from the web console and API, .
