3.4.1.1. Request certificate with active auto-enrollment

If the customer has auto-enrollment active, requesting a certificate is simple:

  1. Open "certlm" in one of the following ways:

    1. Via Windows Start menu -> Manage computer certificates

    2. Via PARTadmin -> category Application Server -> AppServer service [AppServer Service] -> tab page Port configuration -> SSL -> certlm.msc

    Manage computer certificates

    certlm.msc

  2. In certlm [Certificates - Local computer], under My certificates -> Certificates -> All tasks, click Request new certificate...

    Request New Certificate...

    -> The Certificate Enrollment > Before You Begin dialog opens.

  3. Click Next.

    Before You Begin

    -> The Certificate Enrollment > Select Certificate Enrollment Policy dialog opens.

  4. Click Next.

    Select Certificate Enrollment Policy

    -> The Certificate Enrollment > Request Certificates dialog opens.

    Request certificates

  5. Activate the checkbox under Computer, open the details and click on the Properties button.

    Important

    The certificate type must include digital signature, key encipherment and server authentication; client authentication is optional.

    Selection "Computer"

    -> The Certificate properties dialog is displayed.

    Set the appropriate entries on each tab page.

    • General tab page: Specify the display name and description of the certificate.

      Certificate Properties > General

    • Subject tab page:

      Under Subject name -> Type, select the option Common name and enter the following under Value:

      server.domain

      Click Add >.

      Certificate Properties > Subject

      -> Now on the right side, the value "CN=server.domain" is displayed.

      Certificate Properties > Subject

      Under Alternative name, with type "DNS", add all variants of the server host name and click Add after each one.

      Certificate Properties > Subject

      -> The values are displayed on the right side.

      Certificate Properties > Subject

    • Extensions tab page: Verify that the following key usages are selected:

      1. Key usage:

        • Digital signature

        • Key encipherment

      2. Extended key usage (application policies):

        • Server Authentication

      Certificate Properties > Extensions

    • Private key tab page:

      Certificate Properties > Private Key

      • Cryptographic service provider: Verify the properties.

      • Key size: Minimum 2048

      • Key type: The exchange option should be selected.

        Certificate Properties > Private Key

      • Key permissions: Activate the Use custom permissions option and then click the Set permissions... button. Set the permissions so that the user operating the AppServer has access to the private key.

    • Certification authority tab page: Select the certification authority that is to sign.

      Certificate Properties > Certification Authority

    Confirm with OK.

    -> The Certificate properties dialog closes and the Certificate Enrollment > Request Certificates dialog is displayed again.

    Request Certificates

  6. Click Register.

    -> The new server certificate should now be in the store.

    Certificate Installation Results

  7. Click Finish.
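
To confirm that the enrolled certificate meets the requirements from step 5, it can be inspected from PowerShell. The following is an added example, not part of the original documentation; the function name Test-AppServerCertificate is hypothetical, and it assumes an RSA key and the placeholder host name server.domain used above.

```powershell
# Added example: checks certificates in the local computer's personal store
# (Cert:\LocalMachine\My) against the requirements listed in step 5.
function Test-AppServerCertificate {
    param(
        [Parameter(Mandatory)][string]$HostName,   # e.g. 'server.domain' (placeholder)
        [int]$MinKeySize = 2048                    # minimum key size from the Private key tab
    )

    $x509 = 'System.Security.Cryptography.X509Certificates'
    $serverAuthOid = '1.3.6.1.5.5.7.3.1'           # Extended key usage: Server Authentication
    $requiredUsage = [System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]'DigitalSignature, KeyEncipherment'
    $cnPattern = 'CN=' + [regex]::Escape($HostName) + '(,|$)'

    Get-ChildItem -Path Cert:\LocalMachine\My |
        Where-Object { $_.Subject -match $cnPattern } |
        ForEach-Object {
            $cert = $_
            $ku  = $cert.Extensions | Where-Object { $_ -is ("$x509.X509KeyUsageExtension" -as [type]) }
            $eku = $cert.Extensions | Where-Object { $_ -is ("$x509.X509EnhancedKeyUsageExtension" -as [type]) }
            $ekuOids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })
            # Returns $null for non-RSA keys, which is then reported as KeySizeOk = $false.
            $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)

            [pscustomobject]@{
                Thumbprint    = $cert.Thumbprint
                Subject       = $cert.Subject
                NotAfter      = $cert.NotAfter
                # The private key must be present; access for the AppServer
                # account is granted separately via "Key permissions".
                HasPrivateKey = $cert.HasPrivateKey
                KeyUsageOk    = ($null -ne $ku) -and $ku.KeyUsages.HasFlag($requiredUsage)
                ServerAuthOk  = $ekuOids -contains $serverAuthOid
                KeySizeOk     = ($null -ne $rsa) -and ($rsa.KeySize -ge $MinKeySize)
                # DNS names in the certificate (subject CN plus alternative names).
                DnsNames      = ($cert.DnsNameList | ForEach-Object { $_.Unicode }) -join ', '
                Expired       = $cert.NotAfter -lt (Get-Date)
            }
        }
}

# Run in an elevated PowerShell session on the AppServer host.
Test-AppServerCertificate -HostName 'server.domain' | Format-List
```

Every host name variant entered under Alternative name should appear in DnsNames, and KeyUsageOk, ServerAuthOk, KeySizeOk and HasPrivateKey should all be True.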