You want to use your own certificates with ECAT instead of the ones generated by the installer.
Note that the actual steps will depend on your own Certificate Authority. This article shows the steps taken with a Microsoft 2008 Certificate Authority.
First install the product so that the self-generated ECAT certificates are installed. We will replace them with our own generated certificates.
1. In Microsoft CA, generate an ECAT Server Certificate Template with the following attributes:
It is important that the Private Key is marked as Exportable and that the Server Authentication application policy is selected.
2. Repeat the process to create an ECAT Client Certificate Template. The important part is again to make sure that the private key is marked as exportable and that the application policy is "Client Authentication".
3. Make sure that you can issue certificates with these templates.
4. On the ECAT machine, open the MMC console and add the Certificates MMC add-in for both the current user and the Local Computer. Request new certificates using the ECAT Server and ECAT Client Certificate Templates that you created in steps 1) and 2) above. It will be necessary to request the certificate as the local user.
5. For the Subject Name of the Server Certificate you can put any name, e.g. "ECAT Server".
6. For the ECAT Client certificate, specify the client name as "ECAT CLIENT".
7. Enrol to receive your certificates.
8. The requested certificates will appear in the Current User Personal Certificate Store.
9. Copy the certificates.
10. Paste the certificates into the Local Computer Personal Certificate Store.
11. Edit the consoleServer.exe.config file with your new settings:
Replace the values as follows:
<add key="LocalHttpsServerCert" value="ECAT SERVER"></add>
<add key="LocalHttpsServerCertHash" value="fe035236b5ce9430625275f6b2e7b2104ef8d0e"></add>
<add key="LocalHttpsClientCert" value="Ecat Client"></add>
Note: the LocalHttpsServerCertHash value is the thumbprint of the ECAT SERVER certificate. The names of the certificates are case sensitive and must match exactly.
12. Restart the ECAT Console Service and verify that the service starts and is listening.
13. Choose these certificates in the Agent Packager and test the connection.
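Before restarting the service in step 12, the values entered in step 11 can be checked against the Local Computer Personal store. The script below is an added example, not part of the original article or the ECAT product; the config path is a placeholder you must fill in, and it assumes the certificate "name" ECAT compares is the subject's simple name.

```powershell
param(
    # Placeholder: the install location is not given in this article.
    [string]$ConfigPath = '<path-to>\consoleServer.exe.config'
)
$ServerAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication application policy
$ClientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication application policy

function Get-Setting([xml]$Xml, [string]$Key) {
    # Select on the key name only, so nothing is assumed about the parent element.
    $node = $Xml.SelectSingleNode("//add[@key='$Key']")
    if ($node) { $node.GetAttribute('value') }
}

function Test-EcatCert([string]$Name, [string]$EkuOid, [string]$Thumbprint) {
    # -ceq is case sensitive, mirroring the "must match exactly" rule (assumed to apply to the simple name).
    $cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.GetNameInfo('SimpleName', $false) -ceq $Name } |
        Select-Object -First 1
    if (-not $cert) { return "FAIL  '$Name': no exact-case match in LocalMachine\My" }
    # Collect the OIDs from the Enhanced Key Usage extension, if present.
    $ekus = $cert.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
        ForEach-Object { $_.EnhancedKeyUsages } | ForEach-Object { $_.Value }
    $problems = @()
    if (-not $cert.HasPrivateKey)   { $problems += 'private key did not come across with the copy' }
    if ($ekus -notcontains $EkuOid) { $problems += "application policy $EkuOid missing" }
    if ($PSBoundParameters.ContainsKey('Thumbprint')) {
        # A Windows thumbprint is 40 hex digits; pasted values often carry spaces or hidden characters.
        if ($Thumbprint -notmatch '^[0-9a-fA-F]{40}$') { $problems += 'configured hash is not exactly 40 hex digits' }
        elseif ($Thumbprint -ne $cert.Thumbprint)      { $problems += "configured hash differs from $($cert.Thumbprint)" }
    }
    if ($problems) { "FAIL  '$Name': " + ($problems -join '; ') } else { "OK    '$Name' ($($cert.Thumbprint))" }
}

[xml]$config = Get-Content -LiteralPath $ConfigPath
Test-EcatCert (Get-Setting $config 'LocalHttpsServerCert') $ServerAuthOid (Get-Setting $config 'LocalHttpsServerCertHash')
Test-EcatCert (Get-Setting $config 'LocalHttpsClientCert') $ClientAuthOid
```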