IFS Middleware and Certificates

Information

Securely packaged certificates/keys

The keys in the certificates are sensitive information, so it needs to be stored in a password protected container. The IFS Installer will only import secure certificate stores that fulfill:

            Third-party certificates must be imported into a valid PKCS #12 store

            The PKCS #12 store password must contain at least six characters

            The complete Chain of Trust, including the CA Root Certificate, must be included into the PKCS #12 store

            The certificate must be a Server Certificate

IFS Recommend RSA Certificate Encryption

It's recommended to use keysize 2048 and use key algorithm RSA for the Certificates used in IFS systems.

Know Issues

Know issue with IFS Certificate when validating in IFS Middlware.

Error:-

Certificate verification failed. Path does not chain with any of the trust anchors.

Step 1: Import Certificate into Local Machine        

1. Mark this key as exportable
2. Place into Trusted Root Certification Authorities

Step 2: Run MMC (from the start/run)

1. Select File\Add Remove Snap-in
2. Select Certificate and add for Computer account
3. Find Certificate (in Trusted Root Certification Authorities)
4. Select the Certificate and press the right mouse button
   1. Select All Tasks\Export
   2. Select Yes, export private key
   3. Select Export all extended properties
   4. Enter password (must contain at least six characters/no special characters)
   5. Save to a new File name (C:\Temp\newcert.pfx)