Importing Certificates for PM and SNM

Follow the steps below to generate and import certificates for PM and SNM by using local Windows Server as Certificate Authority.

  1. Generate certificate requests by using IIS for PM and SNM.
  2. Upload the certificate request to certsrvapplication.
  3. Issue the certificates by using Microsoft Management Console (MMC).
  4. Download the Issued certificates from certsrv application.
  5. Complete the certificate request by using IIS.
  6. Generate the PFX files for PM and SNM with private key to use as a keystore.
  7. Follow below steps to enable SSL for PM and SNM applications.
    1. Open Webserver_config utility
    2. Select Configure web protocol to HTTPS
    3. Select Change to HTTPS
    4. Select Certificate is uploaded to file system
    5. Select the PFX file which was generated in Step 6.
  8. Follow below steps to exchange the certificates between PM, SNM, AD and CMG
    1. Open Webserver_config utility
    2. Select Root Certificate Management
    3. Select Load Upload Root Certificate into Java truststore.
    4. Select the certificate of other system and provide the alias name. For example, if you are executing above steps in PM, then you must select the certificate of SNM that you have downloaded from Step 4
    5. In case if the Other system is AD or CMG, then you must get the AD or CMG certificates from AD or CMG servers by using Microsoft Management Console (MMC) tool.
    6. Importing the certificate of PM/SNM, AD and or CMG is applicable for Co-Existing system (PM/SNM are in same server) also.
    7. You can import the certificate by connecting to other system directly by selecting webserver_config > Root Certificate Management> Download Certificate by connecting to trusted host > Enter the Other Server Name / IP, Port and alias names.
  9. At AD or CMG side, have to import the server Certificate of PM by using Microsoft Management Console (MMC) tool to the trusted people section.
  10. Import the Root Certificate of PM to AD or CMG by using Microsoft Management Console (MMC) tool to trusted Certificate Authority Section.
Note:

Certificates that is generated in the steps above is a self-signed certificate using Microsoft IIS and there are also other ways of doing that. It is recommended to use the company´s certificate.

Parent topic: Security