To use the SSL capabilities of MCS, you must include a server site certificate issued by a certificate authority (CA). If you don't already have a server site certificate, you must obtain and install one, as described in the procedure for installing a server site certificate.
MCS can use certificates and keys in either .der or .pem format. A .der format file contains binary data. A .pem format file (privacy-enhanced mail) is in ASCII, beginning with this line:
and ending with this line:
The file extension must match the contents of the certificate file.
While waiting for the server site certificate from the CA, you can use the self-signed, demonstration site certificate included with MCS.
The demonstration certificate allows you to test SSL connections. However, the demonstration certificate has an abbreviated validity period and should not be used in a production environment.
By default, MCS is installed and configured to use the demonstration certificate; no further action is required until you're ready to install the permanent site certificate issued by the CA.
For client certificate authentication, you must obtain and install a personal certificate on each client computer that will access MCS or a Telnet server (host). All software downloaded from MCS uses the personal certificate stored by the Web browser on the client computer.
The following table describes the SSL certificate requirements to configure security for Management & Control Services (MCS) and client applications.
| Validating the identity of | Requires this certificate |
|---|---|
| MCS | A server site certificate issued by a known certificate authority (CA). |
| Client applications | A personal certificate for all client computers that access MCS or the myAccess Links page. |