Certificates Management

Overview

This feature allows users to manage digital certificates within My OPSWAT Central Management (MOCM), including creating, importing, deleting, assigning, and unassigning certificates to product instances such as MetaDefender Core (MD CORE) and MetaDefender Kiosk (MD KIOSK).

1. Accessing Certificate Management

  • Navigate to the Certificates section in the MOCM Settings area.
  • You will see a list of all available certificates and their current assignment status.

2. Importing a Certificate

  • Click Import Certificate.
  • Upload the certificate file and private key (e.g., .pem, .crt, .pfx).
  • Provide any necessary credentials or passphrases.
  • Click "Add" to complete the import.
  • The imported certificate will appear in the list.

3. Certificate Details

To view the details of a certificate, users can click on any certificate listed in the certificate table. This will open the certificate details screen, as shown below.

The user can select others action by clicking the "Select Action" Dropdown button:

Users can choose from four available actions for managing certificates:

  1. Assign to Instance – Assign the certificate to a specific instance.
  2. Assign to Policy – Link the certificate to a policy, which can then be applied to one or more groups.
  3. Download – Download the certificate for local use or backup.
  4. Delete – Permanently remove the certificate from MOCM.

4. Managing a Certificate

4.1. Assigning a Certificate

Users can assign certificates either to individual product instances (e.g., MD CORE, MD KIOSK) or to product groups via policies. This can be done from two locations in MOCM:

Where You Can Assign Certificates

  • From the Certificate List View:
    • Navigate to the Settings -> Certificates section.
    • Locate the desired certificate in the list.
    • Click the 3 dots button and choose either: Assign to Instance or Assign to Policy
  • From the Certificate Details Page:
    • Click on a certificate to view its details.
    • Use the Select Action dropdown to select:
      • Assign to Instance
      • Assign to Policy

Assign to Product Instance

Assigning a certificate to a specific product instance guarantees secure communication and authentication for that deployment. This approach is best suited when each instance requires a distinct certificate.

Steps:

  1. Select Assign to Instance.
  2. Select the product type to assign
  3. Choose the target instance from the list.
  4. Confirm the assignment.

Assign to Product Group (Policy)

Assigning a certificate to a policy applies it to all product instances governed by that policy, streamlining management across deployments. This is especially useful for maintaining consistent certificate usage in similar environments.

Steps:

  1. Select Assign to Policy.
  2. Choose the appropriate policy.
  3. Confirm the assignment.

4.2. Viewing Assigned Certificates

  • In the Certificates section, click on a certificate to view its details.
  • You’ll see a list of product instances it’s currently assigned to in the "Distribution" tab.

Each row in the certificate table includes the following details:

  • Name: The name of the instance or policy.

  • MOCM Type: Indicates the distribution type — the certificate can be assigned to a policy, device, or service.

  • Product: Specifies the OPSWAT product affected by the certificate.

  • Assigned By: The user who assigned the certificate.

  • Management Status: Shows the current distribution status, which can be:

    • Assigned: The certificate is successfully assigned.
    • Un-assigning: A user has initiated the unassignment process. MOCM will request the device or instance to fully remove the certificate.
    • Unassign Failed: The unassignment process failed. MOCM will display the failure reason in a dialog box.

  • Assign Date: The date the certificate was assigned.

4.3. Unassigning and Force Unassign a Certificate

  • Navigate to the certificate details and select the Distribution tab
  • Click Unassign next to the relevant instance.
  • Confirm the action to remove the certificate from the instance.

When a user confirms the unassignment of a certificate, MOCM sends a request to the target instance to remove it. The status will change from "Assigned" to "Unassigning."

Once the instance successfully removes the certificate, MOCM will remove the corresponding instance or policy from the list.

If a user chooses the "Force Unassign" option, MOCM will immediately remove the certificate assignment without waiting for confirmation from the instance. The certificate then might be converted from a centrally managed certificate to a local one, and will be managed directly on the product.

4.4. Delete a Certificate

  • Locate the certificate you want to delete.
  • Click the action menu next to the certificate.
  • If the certificate is not currently assigned to any device or instance, the Delete option will be available.
  • Confirm the deletion.

Best Practices

  • Regularly review certificate expiration dates.
  • Avoid deleting certificates that are actively in use.
  • Unassign all certificates from all devices/instances and policies to remove the certificate
Type to search, ESC to discard
Type to search, ESC to discard
Type to search, ESC to discard
Next to read:
Server Configuration
On This Page
Certificates Management1. Accessing Certificate Management2. Importing a Certificate3. Certificate Details4. Managing a Certificate4.1. Assigning a Certificate4.2. Viewing Assigned Certificates4.3. Unassigning and Force Unassign a Certificate4.4. Delete a CertificateBest Practices