Configuring certificates for the Cloud APM console

The default certificates for the Cloud APM console are self-signed certificates that are created when the Cloud APM server is installed. The certificates expire 3 years after the server is installed. Because the certificates are not signed by a trusted certificate authority, Cloud APM console users see certificate errors in their browsers when they access the console. You have two options for eliminating the certificate error messages or to create new certificates before the current certificates expire:

• Use the Cloud APM server to create a private root certificate authority certificate and use it to sign the certificates that are used by the Cloud APM server processes. Then, provide the private root certificate authority file to the Cloud APM console users so that they can import it into the trusted root certificate authorities list in their browsers.
• Use a third-party root certificate authority (such as GeoTrust or a certificate authority in your company) to sign the certificates that are used by the Cloud APM server processes. If the third-party root certificate authority is not already trusted by Cloud APM console users’ browsers, then they must import the root certificate authority file into the trusted root authorities certificate list in their browsers.