Access to event endpoints can be secured with mTLS controls. If your client certificates are self-signed, then you must upload their CA certificate to Event Endpoint Management. The CA certificate must be in PEM format and can include multiple certificates.
Client certificates that are signed by well-known certificate authorities do not require CA certificate upload.
To prevent interruption of service, CA certificates must be replaced before they expire. Upload your replacement CA certificate before you delete the previous one.
To review your CA certificates and upload new ones, follow these steps:
- Log in to your Event Endpoint Management UI from a supported web browser (see how to determine the login URL for your Event Endpoint Management instance).
- Click the user icon
in the header, and then click Profile to open the Profile page. - If your user has the author role, then within the Profile page, switch to the CA certificates tab.
- A list of all your uploaded CA certificates is shown. Certificates that are close to expiry must be replaced with new certificates. Upload the replacement certificate before deleting the previous certificate.
-
To upload new certificates, click Add CA certificate.
a. Upload your CA certificate PEM file. The certificates in your PEM file are validated and displayed in a table.
b. Review the table of certificates and delete any invalid or expired certificates from the list, then click Add.