Applies To
RSA Product Set: ECAT
RSA Product/Service Type: ECAT
RSA Version/Condition: 4.X

Issue
You want to use your own certificates with ECAT and not use the ones generated by the installer.

Tasks
Note: the actual steps will depend on your own Certificate Authority. This article shows the steps taken with a Microsoft 2008 Certificate Authority.
First install the product so that the self-generated ECAT certificates are installed. We will replace them with our own generated certificates.
It is important that the private key is marked as exportable and that the Server Authentication application policy is selected.
2. Repeat the process to create an ECAT Client Certificate Template. The important part is again to make sure that the private key is marked as exportable and that the application policy is "Client Authentication".
3. Make sure that you can issue certificates with these templates.
4. On the ECAT machine, open the MMC console and add the Certificates snap-in for both the current user and the Local Computer. Request new certificates using the ECAT Server and ECAT Client Certificate Templates that you created in steps 1) and 2) above. It will be necessary to request the certificate as the local user.
5. For the Subject Name of the Server Certificate you can put any name, e.g. "ECAT Server".
6. For the ECAT Client, specify a client name as "ECAT CLIENT".
7. Enrol to receive your certificates.
8. The requested certificates will appear in the Current User Personal Certificate Store.
9. Copy the certificates.
10. Paste the certificates into the Local Computer Personal Certificate Store.
11. Edit the consoleServer.exe.config file with your new settings:
Replace the values as follows:
<add key="LocalHttpsServerCert" value="ECAT SERVER"></add>
<add key="LocalHttpsServerCertHash" value="fe035236b5ce9430625275f6b2e7b2104ef8d0e"></add>
<add key="LocalHttpsClientCert" value="Ecat Client"></add>
Note: LocalHttpsServerCertHash is the thumbprint of the ECAT SERVER certificate. The names of the certificates are case sensitive and must match exactly.
12. Restart the ECAT Console Service and verify that the service starts and is listening.
13. Choose these certificates in the Agent Packager and test the connection.
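A check you can run after step 11, as an added example that is not part of the original article or RSA's tooling: it reads the three keys from consoleServer.exe.config and compares them with the Local Computer Personal store. The `-ConfigPath` parameter is a placeholder for wherever the file lives on your server, and matching the configured names against the certificate subject common name is an assumption.

```powershell
# Added example (not RSA code): compare consoleServer.exe.config with LocalMachine\My.
param(
    # Placeholder: pass the real location of the file on your ECAT server.
    [Parameter(Mandatory = $true)] [string] $ConfigPath
)
$ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
function Test-Eku($Cert, $Oid) {
    # True when the certificate's Enhanced Key Usage extension lists $Oid.
    $ext = $Cert.Extensions | Where-Object { $_ -is $ekuType }
    [bool]($ext -and ($ext.EnhancedKeyUsages | Where-Object { $_.Value -eq $Oid }))
}
# Assumption: the configured names are compared with the subject common name.
function Get-Cn($Cert) { $Cert.GetNameInfo('SimpleName', $false) }

[xml]$cfg = Get-Content -LiteralPath $ConfigPath
$s = @{}
foreach ($n in $cfg.SelectNodes('//add[@key]')) {
    $s[$n.GetAttribute('key')] = $n.GetAttribute('value')
}
$store = @(Get-ChildItem -Path Cert:\LocalMachine\My)
$problems = @()

# A thumbprint pasted from the certificate dialog can carry spaces or invisible characters.
$raw   = [string]$s['LocalHttpsServerCertHash']
$thumb = $raw -replace '[^0-9A-Fa-f]', ''
if ($thumb -ne $raw)      { $problems += 'LocalHttpsServerCertHash contains non-hex characters' }
if ($thumb.Length -ne 40) { $problems += "LocalHttpsServerCertHash has $($thumb.Length) hex digits, expected 40 (SHA-1)" }

$server = $store | Where-Object { $_.Thumbprint -eq $thumb } | Select-Object -First 1
if (-not $server) {
    $problems += 'No certificate with that thumbprint in LocalMachine\My'
} else {
    # -cne / -ceq are case-sensitive, as the article requires for the names.
    if ((Get-Cn $server) -cne $s['LocalHttpsServerCert']) { $problems += "Server CN '$(Get-Cn $server)' differs from LocalHttpsServerCert" }
    if (-not $server.HasPrivateKey) { $problems += 'Server certificate has no private key' }
    if (-not (Test-Eku $server '1.3.6.1.5.5.7.3.1')) { $problems += 'Server certificate lacks Server Authentication' }
}

$client = $store | Where-Object { (Get-Cn $_) -ceq $s['LocalHttpsClientCert'] } | Select-Object -First 1
if (-not $client) {
    $problems += 'No certificate whose CN exactly equals LocalHttpsClientCert'
} else {
    if (-not $client.HasPrivateKey) { $problems += 'Client certificate has no private key' }
    if (-not (Test-Eku $client '1.3.6.1.5.5.7.3.2')) { $problems += 'Client certificate lacks Client Authentication' }
}

if ($problems.Count) { $problems | ForEach-Object { Write-Warning $_ }; exit 1 }
Write-Output 'Configuration and certificate store agree.'
```

Run it from an elevated PowerShell prompt on the ECAT server before restarting the console service in step 12; any warning names the key or certificate that needs correcting.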