Certificates
What Certificates Are
What it is: The Certificates page lets you create and store signed X.509 certificates. Hydden Discovery uses these certificates for Web Services and secure browsing in on-prem environments. You can create certificates on the primary tenant in multi-tenant and on-prem deployments.
Why it matters: Managed certificates give your deployment a trusted identity for encrypted communication. Designating a default certificate ensures all services use a consistent signing authority.
Required role: Tenant Owner.
Add a Certificate
Purpose: Create a new X.509 certificate for use by Discovery services.
Before you begin:
- You need Tenant Owner permissions.
Steps
1. Open the Certificates page. Navigate to Configuration | Settings, then select the Certificates tab.
2. Click + Add Certificate. The Add Certificate dialog opens.
3. Fill in the required fields:
   - Name — A display name for the certificate.
   - Common Name (CN) — The fully qualified domain name the certificate protects.
   - Subject Alternate Name (SAN) — Additional hostnames or IP addresses.
4. Fill in the recommended fields for correct operation:
   - SHA keys
   - Organization and OU names
   - Site name
   - Locality, Province, and Country
5. Save the certificate.
Result: The certificate appears in the list and is available for assignment to Discovery services.
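The CN and SAN values entered above determine which hostnames a client accepts the certificate for. The Go program below is an added example, not Hydden code: it builds constructed sample certificates in memory and shows that Go's standard hostname check, like current browsers, matches SAN entries only, so the FQDN used as the CN should also be listed as a SAN. The host name and IP address are constructed values.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// makeCert builds a constructed, self-signed sample certificate in memory.
func makeCert(cn string, dns []string, ips []net.IP) (*x509.Certificate, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		DNSNames: dns, IPAddresses: ips,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// uncovered lists hosts the cert does not match; VerifyHostname checks SANs only, not the CN.
func uncovered(cert *x509.Certificate, hosts []string) (missing []string) {
	for _, h := range hosts {
		if cert.VerifyHostname(h) != nil {
			missing = append(missing, h)
		}
	}
	return missing
}

func main() {
	host, ip := "discovery.example.internal", "10.0.0.5" // constructed values
	for _, dns := range [][]string{nil, {host}} {
		cert, err := makeCert(host, dns, []net.IP{net.ParseIP(ip)})
		if err != nil {
			panic(err)
		}
		fmt.Printf("DNS SANs %v -> uncovered %v\n", dns, uncovered(cert, []string{host, ip}))
	}
}
```

The first certificate carries the FQDN only in the CN and is reported as not covering it; the second lists it as a DNS SAN and covers both names.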
Default Certificate
You can mark one certificate as the default signing certificate. Discovery uses the default when no specific certificate is configured for a service.
When Discovery loads a certificate from a file, it logs the file path, common name, SANs, and whether it was selected as the default. Check application logs if a certificate does not load as expected.
Certificate List Behavior
The certificate list shows only active certificates. Deleted certificates are excluded automatically and do not appear in configuration options.
