Using a private or enterprise Certification Authority
We recommend that you use a public Certification Authority (CA). However, your organization may use an Enterprise CA and a private CA for proof of concept (PoC) tests.
The following procedure describes generating certificates using Microsoft Enterprise Certificate Authority on Windows Server. Other Enterprise CA solutions are available.
If you are not using a public CA you need to install the root certificate for your private CA on the appliance before installing any chain certificates and the appliance certificate. You also need to provision the root certificate on every client device that uses the File Director client.
Request a certificate using a Microsoft private CA
- In a web browser, navigate to: https://<your CA>/certsrv
Click Request a Certificate.
Click Advanced certificate request.
Click Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or Submit a renewal request by using a base-64-encoded PKCS #7 file.
- Paste the CSR you generated into the Saved Request field.
From the Certificate Template list, select Web Server and click Submit.
Select Base 64 encoded, click Download certificate chain and save.
- Once the download is complete, install the certificates and follow the processes detailed in:
If the private CA is installed with default settings, it may sign the resulting issued certificates with SHA1. This generates browser warnings when accessed by certain browsers. It's recommended to use SHA256 or higher to mitigate this.
Was this article useful?
Copyright © 2019, Ivanti. All rights reserved.