TLS/SSL certificates are essential for secure data exchange and verifying information integrity. To simplify working with certificates, Mividas Installer provides a suite of tools for certificate management.
Note: If valid certificates are delayed, Mividas Installer can generate temporary test certificates, including both a root CA and an intermediate CA issuer. These test certificates are intended only for development or proof-of-concept environments.
Access the certificate management tools by navigating to Certificates in the top menu.
Certificate Management Overview
In Certificates, you can upload certificate pairs, view certificate details, and manage existing certificates. For demo setups, a self-signed CA and certificate generator are also included.
When you first open Certificates, you’ll see an overview listing all available certificates with details such as expiration date, upload date, and issuer. You can also delete certificates as needed.
Click on a certificate’s title to view its details. You’ll find options to update the certificate, create a CSR, or export the private key.
General Information about Certificates
Certificates should be in Base64-encoded PEM format, with the public certificate containing the full chain for compatibility across various services, browsers, and video conferencing systems.
The public certificate file should include the service certificate followed by the intermediate certificate(s) and the root CA. If the file contains only one certificate, some devices or services may not work correctly, even if everything looks good in the administrator’s web browser.
The public certificate file should include:
- The service certificate.
- Any intermediate certificates.
- The root CA.
Example Public Certificate Structure:
-----BEGIN CERTIFICATE-----
(Service certificate content)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Intermediate CA content)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
(Root CA content)
-----END CERTIFICATE-----
For external validation, use tools like SSL Labs or run openssl s_client -connect core.example.org:443 from the command line.
Uploading or Generating Certificates
Scroll down on the Certificate Overview page to find tools for:
- Uploading new certificates.
- Generating temporary self-signed certificates for products without assigned certificates.
- Creating new certificates.
Adding Custom CA Certificates
To allow secure communication between services, such as enabling Meeting Portal (e.g., portal.example.org) to interact with Mividas Core (e.g., core.example.org), upload custom CA certificates. This ensures that the CA signing core.example.org is trusted by the Mividas Portal server.
Access custom CA tools by navigating to Certificates > CA / Intermediary in the Mividas Installer.
Certificate details
The Certificate Details page allows you to view information and perform actions for a specific certificate. To access this page, navigate to Certificates in the header menu and click on the desired certificate name in the overview.
At the top, you’ll see a table displaying general information about the certificate. Scroll down to access additional tools and actions, as described below.
Update Certificate
To update the certificate, fill in the form with the certificate name, private key, and public certificate. Use the corresponding button to save changes or to remove the certificate.
Public Certificate
The public certificate content is displayed in a text field, and you can download it with the corresponding button.
Generate CSR
To create a CSR (Certificate Signing Request), complete the form and submit it.
Export Private Key
If you need to export the private key, use the corresponding button.
FAQ
Here are some frequently asked questions (FAQs) to help you find the answers you’re looking for.
To create a certificate bundle for your Mividas setup, follow these steps to ensure the correct sequence and format:
- Open a Plain Text Editor: Use a simple text editor, such as Notepad or Gedit, to avoid adding hidden formatting.
- Order the Certificates:
  - Nginx and similar servers require all certificates in a single file.
  - Start with the server certificate, followed by the intermediate certificate(s), and finally the root certificate.
- Copy and Paste Certificates:
  - Begin by copying the entire text of the server certificate (including the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines) and paste it at the top of the document.
  - Next, add the intermediate certificate below the server certificate.
  - Finally, paste the root certificate at the end.
- Save the Bundle: Save the file with an appropriate name (e.g., certificate_bundle.crt). Make sure it retains the .crt, .pem or .cer extension.
- Verification: Before deploying, verify the concatenated order aligns with your server’s requirements. For example:
  - Nginx expects the server certificate at the beginning of the file, followed by intermediate and root certificates.
By following these steps, you create a valid certificate chain that Mividas and other servers can use to verify secure connections.
Certificate Bundle Example:
-----BEGIN CERTIFICATE-----
MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG
A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
...SERVER CERTIFICATE
AbEVtQwdpf5pLGkkeB6zpxxxYu7KyJesF12KwvhHhm4qxFYxldBniYUr+WymXUad
DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME
HMUfpIBvFSDJ3gyICh3WZlXi/EjJKSZp4A==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEYDCCA0igAwIBAgILBAAAAAABL07hRQwwDQYJKoZIhvcNAQEFBQAwVzELMAkG
A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
...INTERMEDIATE CERTIFICATE(S)
pOBWYdw9P91nbHZF2krqrhqkYE/Ho9aqp9nNgSvBZnWygI/1h01fwlr1kMbawb30
hag8IyrhFHvBN91i0ZJsumB9iOQct+R2UTjEqUdOqCsukNK1OFHrwZyKarXMsh3o
wFZUTKiL8IkyhtyTMr5NGvo1dbU=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEYDCCA0igAwIBAgILBAAAAAABL07hRQwwDQYJKoZIhvcNAQEFBQAwVzELMAkG
A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExEDAOBgNVBAsTB1Jv
...ROOT CERTIFICATE
pOBWYdw9P91nbHZF2krqrhqkYE/Ho9aqp9nNgSvBZnWygI/1h01fwlr1kMbawb30
hag8IyrhFHvBN91i0ZJsumB9iOQct+R2UTjEqUdOqCsukNK1OFHrwZyKarXMsh3o
wFZUTKiL8IkyhtyTMr5NGvo1dbU=
-----END CERTIFICATE-----
For external validation, use tools like SSL Labs or run openssl s_client -connect core.example.org:443 from the command line.
If you encounter issues due to an expired local certificate, you can attempt to resolve it by reinitializing the Docker swarm cluster. This can be done using the following command:
sudo docker swarm init --force-new-cluster
This command forces Docker to create a new swarm cluster, which can help renew the local certificate and restore cluster functionality. Note that this should be done with caution and only if necessary, as it resets the swarm configuration.