Obtaining and Installing Certificates
To set up Secure Sockets Layer (SSL) security on the server, you must install a server certificate issued by a certificate authority (CA).
In addition, you can set up client certificates to provide user authentication so that users will not have to provide user names and passwords when they connect. You must have set up SSL on the server before you can set up client certificates, although you could use the demonstration certificate for this purpose.
Following are instructions for obtaining and installing the certificates required by Management & Control Services (MCS) and its client applications.
Installing a Server Certificate
You must obtain your server certificate from a certificate authority (CA). See Related Topics links, below, for links to some well-known CAs, or use a private CA, such as Windows 2000 Server Certificate Services.
MCS can use certificates and keys in either .der or .pem format. A .der format file contains binary data. A .pem format file (privacy-enhanced mail) is in ASCII, beginning with this line:
-----BEGIN CERTIFICATE-----
and ending with this line:
-----END CERTIFICATE-----
The file extension must match the contents of the certificate file.
| To obtain and install a server certificate on an MCS server or server cluster |
- Create a certificate request for a server certificate and submit the certificate request to a certificate authority (CA).
- When you receive your server certificate, copy the files to an accessible location.
- In the MCS left pane, point to Services and then click Security.
- Under Security, click Security Services.
The Security Services General page appears in the right pane of the MCS window.
- In the Security Services Configuration page, to navigate to the location to which you copied your certificate files, choose Install.
- In the Open dialog box, navigate to the location where you placed your certificate files.
- Select a certificate file and choose OK.
The Choose Private Key dialog box is displayed.
- Select a private key and choose OK.
After installation, your certificate is displayed in the Security Services Configuration page under Site Certificate.
- To add the CA certificate for your server certificate, choose Add.
Certificate authorities contained in the CA certificate are displayed under Trusted Certificate Authorities.
- Choose Save.
|
Installing a Personal Certificate
For client certificate authentication, you must obtain and install a personal certificate on each client computer that will access MCS or a Telnet server (host). You must also install the CA certificate for your client certificate on MCS. All software downloaded from MCS uses the personal certificate stored by the Web browser on the client computer.
| To obtain and install a personal certificate |
- After setting up SSL on the MCS server, on each client PC, create and submit a certificate request to a certificate authority (CA).
- When you are notified by the CA that the request has been fulfilled, use the browser to install the certificate on the client computer.
The steps for installing the certificate are different, depending on the browser you use.
- To install the the CA certificate for your client certificate on the MCS server or server cluster, in the MCS left pane, point to Services and then click Security.
- Under Security, click Security Services.
- In the right pane of the MCS window, click the Security Services Client Certificates tab.
The Security Services Client Certificates page appears in the right pane of the MCS window.
- Choose Add to display a dialog box from which you can select a CA certificate file name.
- Use the Mapping options to map client certificates to user names. The user name looked up in the directory service is the result of applying the specified mapping options to a field in the client certificate. Only the Field option is required.
- Choose Save.
|
