When an untrusted certificate is used, View Client displays a certificate error message.
Create a keystore file
Add the keytool folder path to the path environment variable so the tool can be run from any directory.
Use Keytool.exe to generate the keystore file and the certificate request file, then to import the certificate into the keystore and make it available to View. View uses a keystore of type "p12".
Create and Submit a certificate request to Certificate Services
Create a certificate request (csr file) that can be submitted to a certificate service provider.
One option is to use an internal Windows certificate authority. The following command applies to a Windows-based CA system.
Issue the command "certreq -attrib "certificatetemplate:WebServer" certificate.csr" and select the internal Windows certificate authority. A certificate (CER file) is then generated.
Note that the Web Server certificate template used above is one of many templates that can be used.
To have the certificate trusted automatically inside the organization, import it into AD as a trusted root certificate.
Then issue the command "certutil -dspublish -f certificate.cer NTAuthCA" to publish the certificate into AD.
View needs a PKCS #7 certificate (P7B). A certificate in CER format can be converted to P7B format.
Use keytool to import the P7B certificate into the keystore so that View can use it. Issue the command "keytool -import -keystore keys.p12 -storetype pkcs12 -storepass secret -keyalg "RSA" -trustcacerts -file certificate.p7b"
On the View Connection Server, the self-signed View certificate is to be replaced. Copy the new trusted certificate into the same folder.
Create a "locked.properties" file with the correct certificate password.
Install the P7B certificate into the View Connection Server's personal store. Reboot to complete the certificate imports.
The "Require SSL for client connection and View Administrator" setting can now be used.
A valid View Client HTTPS connection is displayed in green.
Check the debug log files to confirm that the server is using the correct keystore.
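The keystore steps above as one PowerShell script, ending with a check that the CA reply really replaced the self-signed certificate before the keystore is copied to the Connection Server. This is an added example, not from the original post; the host name in -dname, the -validity value and taking the P7B chain directly from certreq instead of converting the CER are assumptions.

```powershell
# Added example, not from the original post. File names and the password "secret"
# follow the post; the -dname host name and -validity value are constructed.
$pass  = 'secret'   # the post's sample value; use a strong password in practice
$store = @('-keystore', 'keys.p12', '-storetype', 'pkcs12', '-storepass', $pass)

function Invoke-Step {
    param([string]$Exe, [string[]]$StepArgs)
    & $Exe @StepArgs                 # output is not captured, so prompts stay visible
    if ($LASTEXITCODE -ne 0) { throw "$Exe exited with code $LASTEXITCODE" }
}

# 1. Key pair in a new PKCS #12 keystore (keytool's default alias is "mykey").
Invoke-Step keytool (@('-genkey', '-keyalg', 'RSA', '-validity', '360',
    '-dname', 'CN=view.example.internal', '-keypass', $pass) + $store)

# 2. Certificate request for that key.
Invoke-Step keytool (@('-certreq', '-file', 'certificate.csr') + $store)

# 3. Submit to the Windows CA. certreq writes the certificate to the second
#    file and the PKCS #7 chain to the third, so no separate conversion is needed.
Invoke-Step certreq @('-attrib', 'CertificateTemplate:WebServer',
    'certificate.csr', 'certificate.cer', 'certificate.p7b')

# 4. Import the CA reply over the self-signed certificate.
Invoke-Step keytool (@('-import', '-trustcacerts', '-file', 'certificate.p7b') + $store)

# 5. Verify: a private key entry must exist and its chain must include the CA.
#    A chain length of 1 means the keystore still holds only the self-signed cert.
$listing = & keytool (@('-list', '-v') + $store)
if ($LASTEXITCODE -ne 0) { throw 'keytool -list failed' }
if (-not ($listing -match 'PrivateKeyEntry')) { throw 'No private key entry in keys.p12' }
$chain = $listing | Select-String 'Certificate chain length: (\d+)' | Select-Object -First 1
if (-not $chain -or [int]$chain.Matches[0].Groups[1].Value -lt 2) {
    throw 'Chain length below 2: the CA reply was not installed'
}
'keys.p12 holds a private key with a CA-issued chain'
```

The strings matched in step 5 are the English labels printed by keytool; on a localized JDK they need adjusting.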
Enable Smart Card authentication
For Smart Card support, add the last 3 entries to the locked.properties file.
In View Administrator, enable smart card authentication and define the requirements.