Release 1.2.0 introduces HTTPS for the Orchestrator user interface. Once an Orchestrator has been upgraded to release 1.2.0 any attempt to access the orchestrator through HTTP ("http://orchestrator/", "http://<IP>/", etc) will be redirected to HTTPS and the new fqdn of the orchestrator ("https://orchestrator. blastshield.io" in the default case). You have the facility to upload a certificate for the Orchestrator hostname. The certificate can either be a signed certificate for a previously downloaded signing request, or a zip archive containing both a private key and a matching certificate. BlastWave can provide a valid certificate for the default Orchestrator hostname and details on how to request that are given below. Note that by default, a self-signed certificate will have been generated which will cause a warning in your browser.
Your Orchestrator must be using firmware release 1.2.0 or higher.
If you are not using firmware release 1.2.0 or higher, then you must upgrade.
Learn about how to check what version firmware you are using here and learn about how to upgrade your Orchestrator here
You must have Read/Write access to the Orchestrator. You can verify this on your user profile in the Orchestrator.
Verify if you are using the Orchestrator default DNS suffix or if you have changed it
The steps you will perform depend on whether your Orchestrator is using the default DNS suffix, or if the DNS suffix has been updated.
If the Orchestrator is using the default DNS suffix (blastshield.io) then BlastWave will provide the certificate for the hostname orchestrator.blastshield.io.
If the Orchestrator is not using the default DNS suffix then you must upload a valid certificate for the Orchestrator hostname.
Step 1: Verify the current DNS suffix
Performed by the BlastShield Orchestrator Administrator
Login to the Orchestrator and firstly verify the Orchestrator is running release 1.2.0 or later by clicking on the Firmware menu on the left hand side of the main view and checking the Current Version of the Orchestrator firmware.
Verify the DNS suffix. Click on Network in the menu bar on the left-hand side.
The DNS suffix is shown in the Network Settings, DNS Suffixbox. In release 1.2.0 and above the default DNS suffix is "blastshield.io"and the corresponding default Certificate Common Name shown in the Certificatesettings is "orchestrator.blastshield.io".
This is illustrated in the following screenshot. Note that by default, a self-signed certificate will have been generated which will cause a warning in your browser.
Step 2: If you are using the default DNS suffix, request BlastWave to upload the certificate
If you are using the default DNS suffix of "blastshield.io" then your Orchestrator hostname will be "orchestrator.blastshield.io". You must open a support ticket to request us to upload the certificate for "orchestrator.blastshield.io".