
Purpose:

This process shows you how to generate a new wildcard certificate from your AD Certificate Store, which can be used for your Browser Based Gateway or assigned to your Passwordstate URL.  Assigning it to your URL will make for a nicer end user experience, as all browsers will automatically trust the certificate, assuming the user is accessing Passwordstate from a domain joined machine.

 

Disclaimer:

These instructions involve granting your web server permissions to a Web Server Certificate template in your AD Store.  We encourage you to review and have this process approved before applying to your production environment.

 

1. Log into your Active Directory Certificate Authority server as a Domain Administrator

2. Open certtmpl.msc

3. In the Properties of the Web Server template, give your Passwordstate web server Read, Write and Enroll permissions, and click OK.

 

2017-05-17_10-42-28.png

 

 

4. Log into your Passwordstate web server as Domain Administrator, open certlm.msc

5. Expand Personal -> Certificates

6. Right click Certificates -> All Tasks -> Request a New Certificate

 

2017-05-17_10-30-48.png

 

7. Click Next

 

2017-05-17_10-31-14.png

 

8. Click Next

 

2017-05-17_10-31-34.png

 

9. Select the Web Server template, and click "More information is required to enroll for this certificate"

2017-05-17_10-42-50.png

10. Change Full DN to Common Name and type in your domain as a wildcard.  Click Add.  Change the Directory Name to DNS and also type in your domain as a wildcard.  Click Add.

26.png

11. Under the General tab, enter a Friendly name

2017-05-17_10-44-44.png

12. Under the Private Key tab, select the option to make the certificate exportable

27.png

13. Click OK and then click Enroll

**NOTE** If you are following this process to generate a certificate to be used with your Browser Based Gateway, please refer to Gateway Install instructions in Section 6:  https://www.clickstudios.com.au/downloads/version8/Passwordstate_Remote_Session_Launcher_Gateway_Install_Guide.pdf

Otherwise, use these instructions below to use the certificate on your Passwordstate website:

14. Open IIS, and set the new certificate to your HTTPS web binding

2017-05-17_10-45-57.png

15. Now from your desktop, you should be able to browse to your Passwordstate website, and Chrome will now treat it as secure

2017-05-17_11-28-20.png

 

2017-05-17_11-28-20.png

 

 

 

Related Error #1:

Certificates with a Signature Hash Algorithm of SHA-1 can also generate security warnings in later versions of Chrome.  You may see this error below if your certificate is signed using SHA-1.  There are different ways to upgrade your Certificate Store to SHA-256 but one of our customers kindly linked us to this article (Thanks Luis :) ), which helped him out:  https://technet.microsoft.com/en-us/library/dn771627.aspx

 

2017-05-19_8-13-06.png

 

 

Related Error #2:

When requesting this certificate on your web server, the wizard installs it in the Intermediate Certificate Authorities store, which can cause the browser on the web server not to trust the certificate.  You may notice this behavior:

 

2017-07-31_11-19-13.png

 

To fix this, either install the certificate using Internet Explorer into the Local Machine Trusted Root Certification Authority, or just copy and paste the certificate as per the below two screenshots.  You'll need to restart your browser for this to become effective:

 

Copy Certificate from This Location:

2017-07-31_11-17-39.png

 

Into this Location:

2017-07-31_11-20-06.png
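
A quick check of the enrolled certificate, written as an added PowerShell example and not part of the original post: it looks in the Local Machine Personal store (the one opened in certlm.msc) for the wildcard certificate and reports whether the wildcard is present as a SAN entry, whether the signature is SHA-1 (Related Error #1), and whether the private key is available for the IIS binding. The value `*.example.local` and the function name `Test-WildcardCertificate` are placeholders chosen for this example, and it assumes Windows PowerShell run on the Passwordstate web server.

```powershell
# Added example: verify the wildcard certificate enrolled through certlm.msc.
# Assumption: '*.example.local' is a placeholder; pass your own wildcard domain.
param(
    [string]$Wildcard = '*.example.local'
)

function Test-WildcardCertificate {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert,
        [Parameter(Mandatory)][string]$Wildcard
    )
    $serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication EKU
    $sigAlg = $Cert.SignatureAlgorithm.FriendlyName

    # Read the Subject Alternative Name extension (OID 2.5.29.17) directly.
    # On Windows, Format($false) returns "label=value, label=value"; keeping only
    # the values avoids depending on the localized label text.
    $sanExt = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    $sanValues = @()
    if ($sanExt) {
        $sanValues = ($sanExt.Format($false) -split ',\s*') |
            ForEach-Object { ($_ -split '=', 2)[1] }
    }

    [pscustomobject]@{
        Thumbprint     = $Cert.Thumbprint
        FriendlyName   = $Cert.FriendlyName
        NotAfter       = $Cert.NotAfter
        SignatureAlg   = $sigAlg
        # Chrome matches the host name against SAN entries, not the Common Name
        SanHasWildcard = $sanValues -contains $Wildcard
        # A SHA-1 signature produces the warning described under Related Error #1
        NotSha1        = $sigAlg -notmatch 'sha1'
        # IIS cannot bind a certificate whose private key is missing
        HasPrivateKey  = $Cert.HasPrivateKey
        ServerAuthEku  = $Cert.EnhancedKeyUsageList.ObjectId -contains $serverAuthOid
        NotExpired     = $Cert.NotAfter -gt (Get-Date)
    }
}

$results = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -match [regex]::Escape("CN=$Wildcard") } |
    ForEach-Object { Test-WildcardCertificate -Cert $_ -Wildcard $Wildcard }

if ($results) { $results | Format-List }
else { Write-Warning "No certificate with CN=$Wildcard in Cert:\LocalMachine\My" }
```

Any property that comes back `False` points at the step to revisit: `SanHasWildcard` at the DNS entry added during enrollment, `NotSha1` at the CA's signing algorithm, and `HasPrivateKey` at the enrollment itself.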

 

 

 

 

 

 
