User Interface to support Custom Certificate authorities with Connector Appliance
CLOUD STATUS
Now AvailablePlatform - Connector Appliance
Previously, the Connector Appliance bundled a set of trusted root certificate authorities which had been carefully selected and reviewed. These were used to validate any outgoing connections that the connector established. However, if an intercepting proxy was present which needed to 'man-in-the-middle' traffic between the Connector and its destination, the proxy would be the target of the connection. To do this, the proxy would present its own certificate which the Connector Appliance might not have recognized, resulting in the connection being terminated.
Recently, APIs were added which allowed admins to provide a custom root certificate to be added to the bundle included with the Connector Appliance, allowing connections to be intercepted by proxies. This also allows verification of connections to on-premises components, for example when using Image Portability Service. Documentation on how to configure root certificates can be found here.
This change will greatly simplify the configuration of root Connector Appliances by providing a user interface on the Connector Appliance administrator interface to manage root certificate authorities, including adding, removing, toggling their use, and evaluating expiry dates.