
AVEVA™ Plant SCADA

Use Externally Provided Certificates for Encryption


  • Last Updated Feb 06, 2024

By default, the System Management Server is configured to generate its own certificates for distribution to any connecting computers. However, you may need to enable encryption using certificates provided by a system administrator, a corporate IT department, or a certified third-party vendor.

Note: If you are provided with a certificate file, it needs to be a .pfx file.

To use externally provided certificates for encryption:

  1. In Configurator, open the System Management Server page.

  2. Click on the Advanced button. The Advanced Configuration dialog will appear.

  3. In the Certificate Source field, select "Provided by IT (import / select)".


  4. In the Certificate field, select the certificate you want to use from the drop-down list.

    To use a certificate that is not included in the list, click Import. The Import Certificate dialog is displayed.


    To import a certificate:

    1. In the Certificate file field, browse to the location of the .pfx certificate file you want to import and select it.

    2. In the Certificate Store field, select the type of certificate to create: Root, Intermediate or Personal. The certificate will be stored in the Certificate Store associated with the selected type.

      • Root Certificate - Local Computer Trusted Root Certification Authorities store

      • Intermediate Certificate - Local Computer Intermediate Certification Authorities store

      • Personal Certificate - Local Computer Personal store.

    If you have only been provided with one certificate, select "Personal". However, check with your certificate provider about where the certificate needs to reside.

    Also see Personal Certificates Requirements.

    If you have been provided with three certificates (a Root, Intermediate and Personal certificate), repeat this process three times to import each one and place them in the appropriate certificate store.

    • In the Password field, type the password for the selected Certificate Store.

    • Click OK to save your settings and close the Import Certificate dialog.

      Note: The certificate provider will need to renew the certificates they generate as required.

  5. To view the information about the selected certificate, click Details.

  6. Click OK to save your settings. The Configurator’s main screen will display.

  7. Click Configure to apply your changes.

    The Configuration Messages area displays the steps in the configuration process and the progress. On successful configuration, the Certificate is generated on the selected System Management Server and its name is displayed in the Certificate field on the Advanced Configuration dialog.

    If the configuration is unsuccessful, refer to the error messages in the System Management Console.

  8. Click Close to exit the Configurator.

Setting permissions on the binding certificate

To complete the setup of an IT-managed certificate, the "ArchestrAWebHosting" user group needs read access to the certificate's private key.

  1. Open the certificates manager (certmgr) in Microsoft Management Console.

  2. In the tree view, select Personal, then Certificates.

  3. Locate your IT-managed certificate.

  4. Right-click and select All Tasks, then Manage Private Keys.

  5. On the Security tab, use the Add button to allow read access to the "ArchestrAWebHosting" group.
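
The result of the steps above can be checked from an elevated PowerShell session. The following is an added example, not part of the AVEVA documentation: it confirms that the certificate in the Local Computer Personal store has a private key, reports how long it remains valid, and checks that the group has read access to the key file. It assumes an RSA key; the function name and the thumbprint value are placeholders.

```powershell
# Added example (not AVEVA code): audit the IT-managed binding certificate.
# Assumptions: run elevated; RSA private key; thumbprint is supplied by you.
function Test-BindingCertKeyAccess {
    param(
        [Parameter(Mandatory)] [string] $Thumbprint,
        [string] $Group = 'ArchestrAWebHosting'   # group name as given on this page
    )

    # Local Computer Personal store, where the Personal certificate is imported
    $cert = Get-ChildItem -Path 'Cert:\LocalMachine\My' |
        Where-Object { $_.Thumbprint -eq ($Thumbprint -replace '\s') }
    if (-not $cert) { throw "No certificate $Thumbprint in LocalMachine\My" }
    if (-not $cert.HasPrivateKey) { throw 'Certificate has no private key' }

    # Resolve the key container name for CNG or legacy CSP keys
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
    if (-not $rsa) { throw 'Private key is not RSA or could not be opened' }
    if ($rsa -is [System.Security.Cryptography.RSACng]) {
        $keyName = $rsa.Key.UniqueName
    } else {
        $keyName = $rsa.CspKeyContainerInfo.UniqueKeyContainerName
    }

    # Machine key files are stored in one of these two directories
    $keyFile = 'Microsoft\Crypto\RSA\MachineKeys', 'Microsoft\Crypto\Keys' |
        ForEach-Object { Join-Path (Join-Path $env:ProgramData $_) $keyName } |
        Where-Object { Test-Path -LiteralPath $_ } | Select-Object -First 1
    if (-not $keyFile) { throw "Key file for container '$keyName' not found" }

    # Look for an Allow rule for the group that includes Read
    $read = [System.Security.AccessControl.FileSystemRights]::Read
    $rules = (Get-Acl -LiteralPath $keyFile).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        ($_.IdentityReference.Value -split '\\')[-1] -eq $Group -and
        ($_.FileSystemRights -band $read) -eq $read
    }

    [pscustomobject]@{
        Subject       = $cert.Subject
        NotAfter      = $cert.NotAfter
        DaysRemaining = [int]($cert.NotAfter - (Get-Date)).TotalDays
        KeyFile       = $keyFile
        GroupCanRead  = [bool]$rules
    }
}

# Usage (placeholder thumbprint; copy yours from the certificate's Details tab):
# Test-BindingCertKeyAccess -Thumbprint '<THUMBPRINT-OF-YOUR-CERTIFICATE>'
```

If GroupCanRead is False, repeat the Manage Private Keys steps above. DaysRemaining shows when the certificate provider will need to renew the certificate.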

    See Also

    Use Externally Provided Certificates with Web Applications

    Troubleshooting - Certificate Error Messages
