About InTouch Access Anywhere Secure Gateway ports and SSL certificates

The InTouch Access Anywhere Secure Gateway includes a self-signed certificate. Some web browsers may show a security warning when a self-signed certificate is detected. To remove the warning, install a trusted certificate purchased from a trusted certificate authority (for example, VeriSign).

Important: The signed certificate must have a private key associated with it. A .CER file may not have a private key. Use a signed certificate that includes a private key, which usually has a .PFX extension.

The Secure Gateway uses the certificate in the Windows Certificate Store (Computer Account), which is accessible using the Microsoft Management Console (MMC).

To add, view, or modify certificates

1. Log on as an administrator to the computer hosting the Secure Gateway.

2. From the Windows Command Prompt, run the mmc.exe command to show the MMC.

3. Select the File option from the menu bar and select Add Remove Snap-in to show the Add or Remove Snap-ins dialog box.

   

4. Select Certificates from the Available snap-ins area and select Add.

5. Select Computer Account from the Certificates snap-in dialog box and click Next.

   

   The Select Computer dialog box appears with options to select a computer account.

6. Select Local Computer.

   

7. Click Finish and then OK.

   The Console Root shows Certificates (Local Computer) option.

8. Select the icon to the left of the Certificates (Local Computer) option to expand the list of sub options.

9. Browse Certificates | Personal | Certificates folder to view the available certificates that can be used by the Secure Gateway.

   

10. If a trusted certificate is used with Secure Gateway, place it in the same location as the Secure Gateway Certificates | Personal | Certificates).

11. Browse the Certificates | Personal | Certificates folder of the MMC to show a list of certificates.

12. Double-click on the trusted certificate that you want to use with the Secure Gateway.

13. Select the Details tab and highlight Thumbprint.

    The Thumbprint value appears beneath the list of certificate properties.

    

14. Select the entire thumbprint value.

15. Press CTRL+C to copy it.

    The Thumbprint can also be manually typed in.

16. Click OK to close the dialog.

17. Open the EricomSecureGateway.Config file, which is located in the following folder of the computer hosting Secure Gateway:

    C:\Program Files (x86)\Wonderware\InTouch Access Anywhere Secure Gateway\InTouch Access Anywhere Secure Gateway

18. Locate the Security section of the file.

    <Section name="Security">

    <Property name="CertificateFindBy" type="X509FindType" value="FindByThumbprint" />

    <Property name="CertificateFindValue" type="string" value="3A2252B3567A129FCF1ED8359C7E5815B47F1E37" />

19. Ensure the value of the CertificateFindBy property value is set to FindByThumbprint.

20. Delete the existing Thumbprint from the CertificateFindValue property value field.

21. Press CTRL+V to paste the new Thumbprint in the value field of the CertificateFindValue property.

    All blank spaces in the thumbprint are removed after pasting it as the value of the CertificateFindValue property.

22. Save the file and the new Thumbprint will be used. Restarting the Secure Gateway service will apply the new certificate immediately.

    Note: The DNS address of the Secure Gateway server must match the certificate name. If it does not, a "Connection failed" error message will appear upon attempting a connection.