...
Register / Index
| Table of Contents |
|---|
...
Following certificates are used for the CoreOne Suite
SSL Wildcard certifcate
This is used for the encryption between browser and CoreOne Web services.
Server Zertifikate
Für die Kommunikation von den CoreOne Application Services zu den CoreOne System Connectors.
Das Zertifikat muss auf dem Server mit den CoreOne Application Services und den Servern mit dem CoreOne System Connector lokal installiert werden.
This is used for the communucation from the CoreOne Application services to the system connectors.The certificate must be on the server, where the CoreOne Application service and where the system connectors are running.
...
...
...
...
...
...
Zertifikat installieren
Navigieren sie auf Personal → Cerificates import
Rechtemaustaste → All Tasks -→ Import
...
...
...
File Import
wählen sie Browse das gewünschte Zertifikat und Bestätigen
dies anschliessen mit Next
...
...
File Import
...
...
Wählen Sie auf welchen Certificate Store dies gespeichert werden soll.
Anschliessend kann mit Next weitergefahren werden.
...
...
...
...
...
Service User Berechtigung erteilen
Rechte Maustaste auf Zertifikat
→ All Tasks → Manage Private Keys..
...
...
Service Account auf das eingelesene Zertifikat berechtigen:
- Full Control
- Read
Apply → OK
...
...
Optional:
Öffentliches Zertifikat exportieren um auf anderen Server zu installieren.
Dieses Exportierte öffentliche Zertifikat auf allen direkten Kommunikations-Partnern (Webserver, System Connector, ...) installieren.
Das Selbe auf allen Kommunikations-Partnern machen und deren öffentliches Zertifikat auf dem Server installieren.
How to articles
...
Related articles
...
Introduction
As documented in Connectivity (Network ports and protocols), there are various distributed services that need a certificate to secure the connection between the two parties. Most of the times, those certificates are read from a local certificate store such as the Windows Certificate Store. This how to shows you how to add a certificate there and give the appropriate service user access to the private key.
Step 1 - Open MMC and add a Snap-in
Start the certificate store with; "Win + R | mmc". Now you will see the Certificate store. Add a new Snap-in with following steps:
Click on "File" and than click on "Add/Remove Snap-in" or with the keyboard shortcut ctrl + M
Open "Certificates" by double clicking it → Let the computer account to manage the certificates
Install the certificates on the local computer
To open the Snap-in just click "OK" at the end of these steps
Step 2 - Install the certificate
Navigate to the folder "Personal" and open it. Do a right click on the folder "Certificates" to open the task menu. Choose All Tasks → Import to import the certificate. Click "Next" in the first window. Now browse for the certificate that you want to add. After that click "Next" again.
...
To add the certificate you have to enter the password of the certificate, which was generated at the export to import the private key.
Check the checkbox “Mark this key as exportable”.
After you have done this, you need to choose the folder where you want to add the certificate. In the normal case this is the folder "Personal". Click "Next" to continue.
...
To complete the changes click "Finish". Confirm all your changes by clicking "OK" in the popup window that will open.
Step 3 - Check the recently added certificate
Navigate to the certificate, which you added before, in the certificate store. Double click on the certificate and check the path and the status of the certificate.
...
Step 4 - Service User rights
Navigate to the certificate and do a right click on it "→ All Tasks → Manage private key" to manage the private key. Give full control to the service user on the certificate. Apply these changes with "OK"
...
Step 5 - Optional
Export public certificate to install it on an other server.
Install the exported public certificate on all communication-partners like: Web-Server, system connector, and so on.
Do the same on all communication-partners. Export their public certificate and add it on the server.