Signing the MVE certificate

Secure Socket Layer (SSL) or Transport Layer Security (TLS) is a security protocol that uses data encryption and certificate authentication to protect server‑client communication. In MVE, TLS is used to protect the sensitive information shared between the MVE server and the web browser. The protected information can be printer passwords, security policies, MVE user credentials, or printer authentication information, such as LDAP or Kerberos.

TLS enables the MVE server and the web browser to encrypt the data before sending it, and then decrypt it after it is received. SSL also requires the server to present the web browser with a certificate that proves that the server is who it claims to be. This certificate is either self-signed or signed using a trusted third-party CA. By default, MVE is configured to use a self-signed certificate.

  1. Download the certificate signing request.
    1. Click on the upper‑right corner of the page.
    2. Click TLS > Download.
    3. Select Certificate signing request.
    Note: The certificate signing request includes Subject Alternative Names (SANs).
  2. Use a trusted CA to sign the certificate signing request.
  3. Install the CA-signed certificate.
    1. Click on the upper‑right corner of the page.
    2. Click TLS > Install Signed Certificate.
    3. Upload the CA-signed certificate, and then click Install Certificate.
    4. Click Restart MVE Service.
      Note: Restarting the MVE service reboots the system, and the server may be unavailable for the next few minutes. Before restarting the service, make sure that no tasks are currently running.