Jump to content

Requesting Certificate from Certificate Authority


support

Recommended Posts

If you have an internal Certificate Authority set up in your environment, a good solution is to generate a certificate to use on your Passwordstate website.  Internal certificates are the best free certificate option if you do not need to access Passwordstate from outside your own network.

 

This forum post describes how to generate a certificate that will be accepted by your browsers with no warnings or errors.

 

Step 1:

On your Certificate Authority server, open certtmpl.msc

 

Step 2:

Right Click Web Server template and select Properties

2019-05-09_9-37-00.png

 

 

Step 3:

Under the Security Tab, click the Add button, select the Object Types button, tick the Computers check box, and then search for your Passwordstate web server.  You should give this Read, Write and Enroll permissions:

2019-05-09_9-40-02.png

 

 

Step 4:

On your Passwordstate web server, open certlm.msc, right click Personal -> Certificates and Request a New Certificate

2019-05-09_9-41-01.png

 

 

Step 5:

Click Next, Next, tick Web Server and then click the more information link:

2019-05-09_9-43-06.png

 

 

Step 6:

Select the Common Name and DNS values for the drop down boxes, and enter in a wilcard values for your domain, such as *.contoso.com

2019-05-09_9-44-05.png

 

 

Step 7:

Click the Add buttons to insert these wildcard values into your certificate

2019-05-09_9-44-19.png

 

 

Step 8:

Under the General tab, enter a friendly name and a description for your certificate.  This can be anything you like. 

2019-05-09_9-44-49.png

 

 

Step 9:

Under the Private Key tab, expand out the key options and select the Make private key exportable option.  This can help with our browser based remote session launcher and if you intend on installing this at a later date.

2019-05-09_9-45-11.png

 

 

Step 10:

Click OK and the click Enroll, and finally hit Finish

2019-05-09_9-49-50.png

 

 

Step 11:

Open IIS on your web server, browse to your Passwordstate website, select bindings and select your new certificate on your HTTPS binding.  

2019-05-09_9-50-56.png

 

 

Handy Information:

Your binding should match your certificate, which should also match your DNS entry for your web site.  If all three match then you will have hassle free browsing to your Passwordstate web site.

 

 

Regards,

Support

2019-05-09_9-39-56.png

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...