System certificate considerations

Content Platform for Cloud Scale Administration Guide

File Size
1945 KB
Part Number

Keep the following in mind when configuring SSL certificates for your system, especially if you are configuring the system to use one or more certificates that you create yourself:

  • Do not allow any of the SSL certificates to expire.
  • Adhere to the established best practices for setting up SSL certificates. For example, if you are using wildcards to identify hostnames in an SSL certificate, a wildcard should appear only at the beginning of the hostname, not in the middle.

    For information on SSL best practices, see and

  • Ensure that the DNS name for the system matches the name defined in the certificate. If you rename the system you need a new certificate.
  • When configuring a certificate chain, ensure that all intermediate issuers have the appropriate signing authority permissions so that the entire chain is signed.
  • If you regenerate or upload an SSL certificate you must repair (that is, restart) the S3 Gateway and MAPI Gateway services for the change to take effect.
  • If encryption is enabled you must also repair the Key Management Server service and unseal the vault.