Using your own Certificate

Top  Previous  Next

 

mSuite uses an x.509 certificate as part of the security implementation.  By default, mSuite generates a self signed certificate during the installation process.  This is completely secure and unique to your mSuite installation.  However, you may want to change this certificate to one issued by your own organization's Certificate Authority, or one issued by a public Certificate Authority.

 

Certificate characteristics

In order to work with mSuite, the certificate must have a private key.

 

There are two ways of generating suitable certificates

1.Request a certificate from your organization's Certificate Authority.  This process varies according to the Certificate Authority that is deployed in your organization. Discuss the requirements with your security administrator for a detailed description of how to request a key from your CA.  The following outline highlights the steps in requesting a certificate (this can be done using Windows Certificate services in Windows 2000/3 or another certificate generation authority):

 

Request a certificate from the CA, this is often done from a Browser running on the machine where the certificate is to be installed.
Enter the credentials for the CA.
Issue the certificate - the CA creates and issues the certificate.
Collect the certificate - collecting the newly created certificate.

 

If you made the request from a machine other than the mSuite server, you will have to export the certificate and then import it onto the mSuite server.  See: Exporting the Certificate and Importing the Certificate

Daniel Petri has an excellent website that shows, among other things, how to use Windows Server 2003 as a certificate server: http://www.petri.co.il/install_windows_server_2003_ca.htm

 

2.Purchase a certificate from one of the public Certificate Authorities such as http://www.thawte.com/ or http://www.verisign.com/ - there are many more organizations and, if your organization is running SSL web servers, you will already have a certificate partner, check with your security administrator.

 

Importing the Certificate

To import the Private Certificate (.pfx) obtained from your CA or from a public CA:

1.Expand the Configuration node in the navigation tree and select Servers and Groups.  The action pane will display the configured servers.
2.Right mouse click the server and select Properties from the pop-up menu.
3.Select the Connection Management tab. It will highlight the currently active template which is normally the default template which should not be altered (Default CMS Template). Click the Configuration Wizard button - with the magic wand icon.
4.On the Welcome screen, make sure the box marked Run the Connection Manager Service is checked then click the Next button.
5.The General Settings page allows you to change the x.509 certificate used by the system.  This will be defaulted to mSuite CA - this is the unique self signed certificate created by the installation process.  Only change this if you have a certificate issued by your organization's (or a public) Certificate Authority.  To change the certificate, it must be installed on the machine running the CMS and appear in the list of available certificates.
6.If the certificate is not in the list of available certificates, click the Add Certificate button.
7.Browse to the folder that contains your certificate.
8.Select the certificate that you want to import then click Open.
9.Enter the password (case sensitive!) for the certificate and click OK.
10.Make sure that the newly imported certificate is selected.
11.Click Next through to the end of the wizard and then click Finish.
12. Select the Exchange Adapter tab. It will highlight the currently active template which is normally the default template which should not be altered (Default Exchange Adapter Template). Click the Configuration Wizard button - with the magic wand icon.
13. On the Welcome screen, make sure the box marked Run the Exchange Adapter Service is checked then click the Next button.
14. On the General Settings page, select (highlight) the newly imported certificate.
15. Now restart the CommonTime Service Control Manager in the Windows Services applet.

 


Page url: http://msuitehelp.commontime.com/index.html?ct_adv_using_your_own_certificate.htm