Managing certificates

The Velocity License Server can use a certificate to encrypt the connection between the License Server and the devices where people log in to the License Server Console. Use a certificate signed by a 3rd party Certificate Authority (CA) or a self-signed certificate. A self-signed certificate is easier to generate and has no additional cost, but a certificate from a CA is automatically trusted by browsers and may provide better security by authenticating the server as well as encrypting the traffic.

Most browsers do not recognize self-signed certificates as valid and display a warning message that the user must navigate past in order to see the page. For example, Chrome displays an error page and the user must click Advanced > Proceed to [address] (unsafe) in order to navigate to a page using a self-signed certificate.

The easiest way to configure the License Server with a certificate is during the License Server installation process. If you plan to use a CA certificate, make sure the certificate is added to the Windows certificate store before running the installer. If you do not set up the certificate during installation, you can configure the License Server to use a certificate later though the License Server Certificate Configuration Utility that is installed with the License Server.

We recommend the following process: 

1.(Optional) Purchase a certificate from a CA. If you purchase a certificate from a CA, use the instructions the CA provides to create the certificate signing request. After you've received the certificate, add it to the Windows certificate store using the instructions below.

2.Run the installer. If you choose to use a self-signed certificate, the installer creates the certificate and adds it to the TrustedPeople certificate store during installation. For more information, see Installing the License Server.

If you decide to set up a certificate after you've already run the installer, use the instructions below to configure the License Server with the certificate information and then restart the server. You can also use those instructions if you need to replace a certificate.

1.From Windows File Explorer, navigate to the certificate file and double-click it.

2.Windows launches the Certificate Import Wizard. Select Local machine and click Next.

3.Make sure the File name field is populated with the certificate file you chose and click Next.

4.If the certificate has a password, provide the Password and click Next. If you created the certificate using the provided utility, there is no password associated with the certificate and you can leave the Password field blank.

5.Select the Place all certificates in the following store option and click Browse to select the store. We suggest using the Personal store. You'll need to know which store the certificate is in later.

After you have chosen the store, click Next.

6.Click Finish to add the certificate to the specified certificate store.

You only need to perform these steps if you are replacing a certificate or if you didn't have the certificate in the Windows certificate store during installation.

1.Make sure the certificate is installed in the Windows certificate store.

2.In the Windows program list, select Velocity License Server > Certificate Configuration Utility.

3.The Certificate Configuration Utility launches. The utility defaults to using the LocalMachine Personal certificate store, but if you installed the certificate in a different store, select the appropriate certificate store.

4.Click Choose certificate.

5.Click More choices to see a full list of certificates in the certificate store. Select the certificate you want to use and click OK.

The fields for the certificate are automatically populated.

6.If desired, specify the address and port the License Server listens on for the License Server Console. The hostname must match the hostname or IP address in the certificate.

7.If the certificate is self-signed, enable the Allow invalid certificates option.

8.Ensure that the configuration file path points to the correct location. If you used the default settings, you do not need to change this.

9.Click the Save to configuration file button.

10.Click the Restart server button.

The License Server is configured with the certificate information and uses encryption for all connections to the License Server Console.

Connect to the License Server Console by launching a browser and typing in the address bar: 
https://[server name]:4420/
Where [server name] is the name of the server where the License Server is installed.