Edge Device HTTPS Portal

Learn how to use the HTTPS portal for edge devices.

Starting with OS58, users can upload their own HTTPS termination certificates for the device portal. Enabling this functionality will disable the plain HTTP portal.

Add the Certificate

1. With the certificate and private keys in hand, open and sign into the Tulip portal, and expand the HTTPS Certificates section under Service Configuration.

2. Toggle on the Enable Service toggle to expose the configuration form.

3. Use the form widgets to upload the certificate to the device and click Save. The device will inspect that the certs are usable and, if so, will apply them. This will enable the HTTPS portal.

4. Wait a few moments and proceed to update the URL in the browser URL bar to use HTTPs instead of HTTP.

For example
http://10.0.0.4 → https://10.0.0.4

5. The portal will begin to load, and you will need to sign in again. The HTTPS Certificate section now shows an Active badge.

Update the Certificate

You must update the certificates before the expiry.

1. Open up the portal via HTTPS, and expand the HTTPS Certificate section. This will expose the same form as before.
2. Replace the certificates with the new versions. After this you can click Save.

Best Practices and Troubleshooting

When using these certificates, ensure they undergo regular replacement before expiration. We recommend scheduling the refreshment process in advance of the expiry date. You should also pick a certificate duration that does not increase your workload significantly.

In the case that the expiry window has slipped, it is possible to recover with little issue. There are two main ways the browser accepts connections to expired certificates.

1. Change the time - Change the time on the connecting machine to a date and/or time that is before the certificate expiry and follow the Update instructions above.
2. Override - Certain browsers allow temporary override of the security features in regards to time-based certificate expiry. This can allow new certificates to be uploaded via the Update instructions above.