10.10. Accessing the admin panel via SSL

When configuring various Acronis Cyber Infrastructure features, you may need to enter sensitive information such as credentials for user and email accounts, S3 services, and so on. The system uses a pre-generated self-signed certificate by default, and you may want to upload one issued by a trusted certificate authority instead.

Note the following before you proceed:

  1. You can upload an SSL certificate before creating the HA cluster. However, if you later create the HA cluster, the admin panel will move to the chosen virtual IP address. In case you have the certificate issued for the admin panel’s current IP address, you will need to acquire a new SSL certificate issued for the virtual IP address. In case you have the certificate issued for the domain name, ensure this domain name resolves to the virtual IP address.

  2. When you create, reconfigure, or destroy the HA cluster, the current certificate is overwritten by a self-signed one generated by the system. You will need to re-upload your certificate and key after completing either operation.

  3. If you acquired an SSL certificate from an intermediate certificate authority (CA), you should have an end-user certificate along with a CA bundle that contains the root and intermediate certificates. To be able to use these certificates, you need to merge them into a chain first. A certificate chain includes the end-user certificate, the certificates of intermediate CAs, and the certificate of a trusted root CA. In this case, an SSL certificate can only be trusted if every certificate in the chain is properly issued and valid.

    For example, if you have an end-user certificate, two intermediate CA certificates, and a root CA certificate, create a new certificate file and add all certificates to it in the following order:

    # End-user certificate issued by the intermediate CA 1
    -----BEGIN CERTIFICATE-----
    MIICiDCCAg2gAwIBAgIQNfwmXNmET8k9Jj1X<...>
    -----END CERTIFICATE-----
    # Intermediate CA 1 certificate issued by the intermediate CA 2
    -----BEGIN CERTIFICATE-----
    MIIEIDCCAwigAwIBAgIQNE7VVyDV7exJ9ON9<...>
    -----END CERTIFICATE-----
    # Intermediate CA 2 certificate issued by the root CA
    -----BEGIN CERTIFICATE-----
    MIIC8jCCAdqgAwIBAgICZngwDQYJKoZIhvcN<...>
    -----END CERTIFICATE-----
    # Root CA certificate
    -----BEGIN CERTIFICATE-----
    MIIDODCCAiCgAwIBAgIGIAYFFnACMA0GCSqG<...>
    -----END CERTIFICATE-----
    

To upload an SSL certificate, do the following:

  1. On the Settings > Management node > SSL access tab, click Upload.
  2. Upload an SSL certificate issued for the admin panel’s current IP address.
  3. Upload the private key. This option shows after uploading a valid certificate.
  4. Click Save.

The uploaded certificate will be added to the configuration of the web server that hosts the admin panel and you will be able to access it over HTTPS.

You can also generate a new self-signed certificate instead of the one used by default. However, it will not be trusted and you will have to manually accept it in your browser.