3.4.1.2. Manual certificate application (with template)

Basic process:

  1. To obtain a server certificate signed by the company's Certificate Authority (CA), a certificate request must first be created on the server.

  2. The request is signed by the CA.

  3. The signed certificate is imported back into the server's certificate store.

  4. All clients have to trust the CA.

The process is described in detail below:

  1. Open "certlm.msc" on the server:

    1. Via Windows Start menu -> Manage computer certificates

    2. Via PARTadmin -> category Application Server -> AppServer service [AppServer Service] -> tab page Port configuration -> SSL -> certlm.msc

    Figure: Manage computer certificates

    Figure: certlm.msc

  2. In certlm [Certificates - Local Computer], under My Certificates -> Certificates, choose All Tasks -> Advanced Tasks -> Create Custom Request....

    Figure: Create Custom Request...

    -> The Certificate registration -> Preparation dialog opens.

  3. Click Next.

    Figure: Before You Begin

  4. Select the Configured by administrator option (if available) and click Next.

    Figure: Select Certificate Enrollment Policy

    -> The Certificate registration -> User-defined request dialog opens.

    Figure: Custom request

  5. Select the web server template or the one specified by the administration.

    Figure: Web Server

  6. Click Next.

    -> The Certificate registration -> Certificate information dialog opens.

  7. Click the Properties button.

    Figure: Certificate Information

    -> The Certificate properties dialog opens.

  8. On the Applicant tab page, under Applicant name -> Type, select the General name option and enter the following under Value:

    server.domain

    Click Add >.

    Figure: Certificate Properties > Subject

    -> Now the value is displayed on the right side.

    Figure: Certificate Properties > Subject (value added)

  9. Under Alternative name, with type "DNS", add every variant of the server host name that clients may use and click Add for each one.

    -> The values are displayed on the right side.

    Figure: Certificate Properties > Subject (alternative names)

  10. Switch to the General tab page and add the description of the certificate.

    Figure: Certificate properties > General

  11. Switch to the Extensions tab page and verify that these key usages are selected:

    1. Key usage:

      • Digital signature

      • Key encipherment

    2. Extended Key Usage (application policies):

      • Server Authentication

    Figure: "Key usage" and "Extended Key Usage"

  12. Switch to the Private key tab page.

    Verify the properties under Cryptographic service provider.

    The key size should be 2048 or larger.

    Figure: Certificate Properties > Private Key

  13. Key type: The exchange option should be selected.

    Figure: Certificate Properties > Private Key (key type)

  14. Key authorizations:

    Activate the Use custom permissions option and click the Set permissions... button. Set the permissions so that the user account under which the AppServer service runs has access to the private key.

  15. Confirm with OK.

    -> The Certificate information dialog is now displayed again.

    Figure: Certificate

  16. Click Next.

    -> The dialog Where do you want to save the offline request? is displayed.

    Specify the file name of the certificate request to be generated and click Finish.

    Figure: Where do you want to save the offline request?

  17. Now send the file servercert.req to the administration so that they can sign the request with the company CA.

    You will receive a signed certificate (a *.crt file) in return.

  18. Import the signed certificate back into the local store under My certificates > Certificates (as administrator).

    To do this, either select the certificate file, open its context menu and click Install certificate, or in certlm under My certificates > Certificates use the context menu command All tasks > Import.

    Figure: Install Certificate

    Figure: Import...

    After importing the certificate, the Certificate Information dialog should display "You have a private key for this certificate".

    Figure: Certificate Information

The AppServer then picks up the imported certificate automatically; no further configuration is required.
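The same request built from the command line instead of the certlm dialogs, followed by the checks behind steps 14 and 18, as an added example that is not part of the original documentation. It assumes the host name server.domain with the alias "server", a service account DOMAIN\appserver-svc, and an elevated Windows PowerShell 5.1 session on the AppServer host.

```powershell
# Added example, not from the PARTsolutions documentation: the request from steps 8-13
# built with certreq, then the checks from steps 14 and 18. Assumed values: host name
# server.domain with alias "server", service account DOMAIN\appserver-svc.
# Run in an elevated Windows PowerShell 5.1 session on the AppServer host.
$hostName   = 'server.domain'
$altNames   = @('server.domain', 'server')   # every DNS variant clients may use (step 9)
$svcAccount = 'DOMAIN\appserver-svc'         # account the AppServer service runs as (step 14)
$inf        = Join-Path $env:TEMP 'servercert.inf'
# One SAN entry per host name variant, in certreq's {text} continuation syntax
$sanLines = ($altNames | ForEach-Object { "_continue_ = `"dns=$_&`"" }) -join "`r`n"

@"
[NewRequest]
Subject = "CN=$hostName"
FriendlyName = "PARTsolutions AppServer TLS"
KeyLength = 2048        ; step 12: 2048 bits or larger
KeySpec = 1             ; step 13: AT_KEYEXCHANGE ("Exchange" key type)
KeyUsage = 0xA0         ; step 11: Digital Signature (0x80) + Key Encipherment (0x20)
Exportable = FALSE
MachineKeySet = TRUE    ; key belongs to the computer store, not the requesting user
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
RequestType = PKCS10

[EnhancedKeyUsageExtension]
OID = 1.3.6.1.5.5.7.3.1 ; step 11: Server Authentication

[Extensions]
; 2.5.29.17 is the Subject Alternative Name extension
2.5.29.17 = "{text}"
$sanLines
"@ | Set-Content -Path $inf -Encoding Ascii

certreq -new $inf servercert.req     # step 16: servercert.req goes to the CA administrators
# ...once the CA returns servercert.crt (step 17):
certreq -accept servercert.crt       # step 18: installs it and binds it to the private key

# Step 18 check: the installed certificate must carry its private key
$cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Subject -eq "CN=$hostName" } |
        Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $cert -or -not $cert.HasPrivateKey) {
    throw "Certificate for $hostName is missing or has no private key bound"
}

# Step 14 equivalent: give the service account read access to the key container file
# (legacy CSP keys of the computer store live under MachineKeys)
$keyFile = Join-Path "$env:ProgramData\Microsoft\Crypto\RSA\MachineKeys" `
                     $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
icacls $keyFile /grant "${svcAccount}:R"
```

If the administration prescribes a different template or key provider, adjust ProviderName and the key settings in the INF accordingly; the SAN list and the private-key check stay the same.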