Skip to main content

Security-certificate considerations

Lenovo XClarity Orchestrator uses SSL certificates to establish secure, trusted communications between XClarity Orchestrator and its managed resource managers (such as Lenovo XClarity Administrator or Schneider Electric EcoStruxure IT Expert) as well as communications with XClarity Orchestrator by users or with different services. By default, XClarity Orchestrator and Lenovo XClarity Administrator use XClarity Orchestrator-generated certificates that are self-signed and issued by an internal certificate authority.

The default server certificate, which is uniquely generated in every instance of XClarity Orchestrator, provides sufficient security for many environments. You can choose to let XClarity Orchestrator manage certificates for you, or you can take a more active role by customizing and replacing the server certificates. XClarity Orchestrator provides options for customizing certificates for your environment. For example, you can choose to:
  • Generate a new pair of keys by regenerating the internal certificate authority and/or the end server certificate that uses values that are specific to your organization.
  • Generate a certificate signing request (CSR) that can be sent to your choice of certificate authority to sign a custom certificate that can then be uploaded to XClarity Orchestrator to be used as end-server certificate for all its hosted services.
  • Download the server certificate to your local system so that you can import that certificate into your web browser's list of trusted certificates.

For more information about certificates, see Working with security certificates.