Powered by Zoomin Software. For more details please contactZoomin

Flowmon User Guide

Table of Contents

Certificate Management

Save PDF
Save selected topicSave selected topic and subtopicsSave all topics
Share
Share to emailCopy topic URL
Print
  • Last Updated: April 5, 2026
  • 3 minute read
    • Flowmon Products
    • Flowmon
    • Documentation

Host Certificates

When you change the hostname of your device or after the first login to the device, it is highly recommended to generate a new SSL certificate. You can generate certificates for secured HTTPS protocol or PostgreSQL database for remote connection. Before starting, select the desired value in the drop-down menu. To generate the certificate, click Generate. You will be asked to confirm your choice - click Save. This generates a new certificate, that is automatically signed by Flowmon Networks and is valid for the new hostname of your device. Finally, allow the new certificate in your browser.

Host Certificates
Host Certificates

If you have your own certificate generated, you can apply it by clicking Upload. Choose the certificate file (*.crt) and private key file (*.key) and click OK.

Private keys protected by a passphrase are not supported.

CA Certificates

In CA Certificates, a user can add a Certificate Authority (CA) certificate to the system. The CA certificate is used when a Proxy is enabled in Configuration Center > System > System Settings > Proxy. When using a proxy server, the Flowmon appliance verifies the proxy server’s certificate with CA certificates stored in the system. Certificate verification is needed to establish a secure connection with external servers. If verification fails, access to external resources, such as software updates, is denied. Verification can fail when the configured proxy server uses its own CA to generate server certificates based on user requests (SSL Bump) and the CA is not added to the system.

CA Certificates section
CA Certificates section

To add a CA certificate to the system, click New Certificate. Choose the certificate file. Only files with extensions .pem, .crt, or .der are supported. The CA certificate can be either in text or binary format. Click Upload to upload the CA certificate for validation. If the CA certificate is valid, its details are displayed. To add the uploaded CA certificate, click Import. Note that if the uploaded file contains multiple certificates, only the first one will be processed. If a trusted chain with multiple CA certificates should be added, CA certificates must be added one by one.

The Add certificate form
The Add certificate form

When adding a new CA certificate, the following requirements must be met:

  • Valid from (not before): date is set in the past

  • Expires on (not after): date is set in the future

  • Basic Constraints extension: contains the CA bit

When a CA certificate with an empty subject or issuer is added, its Common Name in the GUI is displayed as Empty Common Name.

When an existing CA certificate expires, a new message will appear in System messages (the bell icon). The expiration check is done automatically every 24 hours.

Click Reload to reload all certificates added to the system. This also checks for CA certificate expiration as described above.

Each CA certificate can be deleted by clicking Delete or downloaded by clicking Export next to the CA certificate.

TitleResults for “How to create a CRG?”Also Available inAlert