CustomCertificate
For the connection between a Workspace Control Agent (RES service) and a Relay Server, and between Relay Servers, custom certificates can be used.
To use custom certificates, the CustomCertificate registry value needs to be set. This registry value holds the value that is used to identify the custom certificate in the certificate store. By default, the Relay Server will look for the custom certificate's "Subject name" in the "Personal" folder in the certificate store. Optionally, one or both of these defaults can be changed by setting the registry values CustomCertificateFindBy and CustomCertificateStore.
CustomCertificate
| Use custom certificates for the connection between the Workspace Control Agent (RES service) and a Relay Server, and between Relay Servers | |
| --- | --- |
| Key | HKLM\Software\RES\Workspace Manager\RelayServer |
| Value | CustomCertificate |
| Type | REG_SZ |
| Data | <certificate's subject name> (when not using CustomCertificateFindBy) or <certificate's thumbprint> or <certificate's serial number> |
| Remark | By default, this value is the "Subject name" of the custom certificate. With the registry value CustomCertificateFindBy the Thumbprint or SerialNumber can also be specified as the attribute to identify the certificate by in the certificate store. |
CustomCertificateFindBy (optional)
By default, the "Subject name" will be used to identify the custom certificate in the certificate store. With the registry value CustomCertificateFindBy, the custom certificate can be identified by its Thumbprint or SerialNumber. When setting this registry value, make sure to specify the correct Data (i.e. the certificate's thumbprint or serial number) for the registry value CustomCertificate.
| Use the certificate's Thumbprint or SerialNumber to identify it in the certificate store | |
| --- | --- |
| Key | HKLM\Software\RES\Workspace Manager\RelayServer |
| Value | CustomCertificateFindBy |
| Type | REG_SZ |
| Data | Thumbprint or SerialNumber |
| Remark | The values for Thumbprint and SerialNumber may not contain any spaces. |
CustomCertificateStore (optional)
By default, the Relay Server will look for the custom certificate in the "Personal" folder in the certificate store. With the registry value CustomCertificateStore, a different folder in the certificate store can be specified. In case a non-English version of Microsoft Windows is being used, the Microsoft Windows internal folder names must be specified for Data.
The supported Microsoft Windows internal folder names are specified below:
| Microsoft Windows internal folder name | Name of folder on an English Microsoft Windows Operating System |
| --- | --- |
| Root | Trusted Root Certification Authorities |
| CertificateAuthority | Intermediate Certification Authorities |
| TrustedPublisher | Trusted Publishers |
| Disallowed | Untrusted Certificates |
| AuthRoot | Third-Party Root Certification Authorities |
| TrustedPeople | Trusted People |
| AddressBook | Other People |
| Specify a different folder than "Personal" in the certificate store in which the Relay Server will look for the custom certificate | |
| --- | --- |
| Key | HKLM\Software\RES\Workspace Manager\RelayServer |
| Value | CustomCertificateStore |
| Type | REG_SZ |
| Data | Folder in certificate store the custom certificate is stored in |
| Remark | In case a non-English version of Microsoft Windows is being used, the Microsoft Windows internal folder names must be specified for Data. |
- The Subject name on the custom certificate must match the Fully Qualified Domain Name (FQDN) that Workspace Control Agents use to connect to a Relay Server (configured at Administration > Agents, on the Settings tab).
- If the custom certificate cannot be found or is not valid or trusted in some way, an entry will be logged in the Windows event log and connecting to the Relay Server will not be possible.
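A pre-flight check for the three registry values and the two conditions above, as an added PowerShell example that is not part of the product or its documentation. It assumes the certificate lives in the LocalMachine store location and that "Personal" is the internal store name `My`; the parameter `$ExpectedFqdn` is hypothetical, and the .NET `Find` lookup is a stand-in for whatever matching the Relay Server itself performs.

```powershell
using namespace System.Security.Cryptography.X509Certificates
# Added example. Assumptions: LocalMachine store location; "Personal" maps to
# the internal store name "My"; $ExpectedFqdn is a hypothetical parameter.
param([Parameter(Mandatory)][string]$ExpectedFqdn)  # FQDN the Agents connect to

$cfg = Get-ItemProperty 'HKLM:\Software\RES\Workspace Manager\RelayServer' -ErrorAction Stop
$findValue = $cfg.CustomCertificate
if ([string]::IsNullOrWhiteSpace($findValue)) {
    throw 'CustomCertificate is not set, so a self-signed certificate would be used.'
}

# Optional values fall back to the documented defaults (Subject name, Personal).
$findBy = if ($cfg.CustomCertificateFindBy) { $cfg.CustomCertificateFindBy } else { 'SubjectName' }
$folder = if ($cfg.CustomCertificateStore) { $cfg.CustomCertificateStore } else { 'My' }
if ($findBy -ne 'SubjectName' -and $findValue -match '\s') {
    throw "The $findBy in CustomCertificate must not contain spaces."
}

# English folder names from the table above, mapped to the internal names.
$internal = @{
    'Personal' = 'My'; 'Trusted Root Certification Authorities' = 'Root'
    'Intermediate Certification Authorities' = 'CertificateAuthority'
    'Trusted Publishers' = 'TrustedPublisher'; 'Untrusted Certificates' = 'Disallowed'
    'Third-Party Root Certification Authorities' = 'AuthRoot'
    'Trusted People' = 'TrustedPeople'; 'Other People' = 'AddressBook'
}
if ($internal.ContainsKey($folder)) { $folder = $internal[$folder] }

# The casts throw on an unsupported store name or FindBy value.
$store = [X509Store]::new([StoreName]$folder, [StoreLocation]::LocalMachine)
$store.Open([OpenFlags]::ReadOnly)
try { $found = $store.Certificates.Find([X509FindType]"FindBy$findBy", $findValue, $false) }
finally { $store.Close() }

if ($found.Count -eq 0) { throw "No certificate matched $findBy '$findValue' in store '$folder'." }
if ($found.Count -gt 1) { Write-Warning "$($found.Count) certificates match; the lookup is ambiguous." }

$now = Get-Date
foreach ($cert in $found) {
    [pscustomobject]@{
        Subject       = $cert.Subject
        Thumbprint    = $cert.Thumbprint
        MatchesFqdn   = $cert.GetNameInfo([X509NameType]::SimpleName, $false) -eq $ExpectedFqdn
        WithinDates   = $now -ge $cert.NotBefore -and $now -le $cert.NotAfter
        HasPrivateKey = $cert.HasPrivateKey   # a server-side certificate needs its key
        ChainTrusted  = $cert.Verify()        # chain build with the default policy
    }
}
```

Run it elevated on the Relay Server before restarting the service; any `False` column points at a condition that would otherwise surface only as a Windows event log entry and a failed connection.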
Disallow use of self-signed certificates
In case the registry value CustomCertificate (and optionally CustomCertificateFindBy and CustomCertificateStore) has not been specified, a self-signed certificate will be used for the connection between the RES service and Relay Server, and between Relay Servers. To disallow the use of a self-signed certificate for these connections, the registry value DoNotAcceptSelfSignedCert must be set. See DoNotAcceptSelfSignedCert for more information.