Trust Store
The SSL Certificate Enhancement feature in GigaVUE-FM ensures secure communication between GigaVUE-FM and the devices added to GigaVUE-FM. The Trust Store page in GigaVUE-FM enables security by maintaining a list of certificates provided by the devices. To add new devices to GigaVUE-FM and to manage the existing devices, you must add the root CA certificate of the respective devices to the Trust Store.
The Trust Store page lets you toggle between enabling and disabling security:
If you enable security, GigaVUE-FM performs the following: |
Verifies if the root CA certificate of the device is available in GigaVUE-FM. |
Adds the device only if the certificate is signed by an authorized CA. |
Verifies the chain of custom certificates, as required. |
If you disable security, GigaVUE-FM adds the devices without any validation. |
IMPORTANT RECOMMENDATION: Prior to adding the public certificates of the devices to the Trust Store, you must ensure to do the following:
Login to the devices and add the private key and certificate of the devices through CLI/Console into each of the devices. Use the cryptoCLI command for adding the keys and certificates. Refer to the GigaVUE-OS CLI Reference Guide for detailed information. |
Login to GigaVUE-FM CLI and add the private key and certificate of GigaVUE-FM through CLI/Console (into GigaVUE-FM). |
To access the Trust Store Page, click and select Certificates > Trust Store.
To add a certificate to GigaVUE-FM:
1. | Click Add on the Trust Store page. The Add Certificate page appears. |
2. | Enter an Alias for the certificate. |
3. | Click Choose File to upload the certificate. |
4. | Click Add. |
The certificate is added to the list view.
You can also perform the following operations:
- Filter: Click the Filter button to filter the records based on the selected criteria.
- Delete: Click Actions > Delete to delete the selected entry.
- Export: Click the Export button to export all or only the selected records in CSV or XLSX file format.
Updating Trust Store
With software version 5.12.xx, the default iSSL trust stores have been updated from Mozilla Firefox. Refer to apps inline-ssl in GigaVUE-OS CLI Reference Guide for more information on the commands that update or replace trust store.
If you do not wish to upgrade GigaVUE-OS to the software version 5.12. xx, follow the below instructions on how and where to download the latest Mozilla Firefox trust store, and how to append their additions to override the default trust store during the update.
GigaVUE-OS Version |
Customer Trust Store |
Gigamon Trust Store (CC*) with Custom Certificates |
Gigamon Trust Store |
|||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
Prior 5.12.00 |
No action |
|
|
|||||||||
With 5.12.00 |
No action |
|
|