hIf you do not want to purchase a server certificate for the Hub from a public certification authority (CA), then you can also create this in your Active Directory with your own CA. In this case, however, you must distribute the root certificate and, if applicable, the intermediate certification authority certificate to all computers that are to access the Hub via https.
- To do this, enable the role Active Directory Certificate Services with the setup type Enterprise on the Active Directory server or on a member server.
- Then open the certificate management in the MMC of a member server (e. g. the print server on which you’ve installed the ThinPrint Engine).
- Highlight the certificate store Certificates (Local Computer)→ Personal and select All Tasks→ Advanced Operations→ Create Custom Request.
Member server: starting the request for the Hub’s web server certificate
- In the Custom request menu, select the Web Server.
Member server: selecting the template for a web server certificate
- With older CA, the web server certificate type may not be displayed by default. In this case, you must first enable it on the certification authority server by opening the template management in the Certification Authority manager ...
Older CA: managing certificate templates
- ... opening the properties of the Web server template and, on the Security tab, granting the right Enroll to the Authenticated Users group.
Older CA: granting the right Enroll to the Authenticated Users group
- Back to Member Server: In the Certificate Information menu, select Details and then Properties.
Member server: opening the settings of the web server certificate
- In the settings of the Web Server certificate to be created, enter the Common Name and the DNS name in the Subject tab. Both must match the name of the certificate and the computer address (this is a requirement of Chrome browsers). In general, this is the FQDN of the web server or Hub (but also hostname or IP address are possible).
Member server: specifying Common Name and DNS name
- On the Private Key tab, mark the private key of the certificate as exportable (to be able to install the certificate on the Hub later). Confirm with OK, and proceed with Next in the Certification Information menu.
Member server: marking the private key as exportable
- Save the certificate request as a text file (type .txt or .req).
Member server: saving the certificate request as a text file
- Go to your CA and open the Certification Authority manager.
- There, highlight your CA and select All Tasks→ Submit new request.
CA: managing the certificate request
- Select the certificate request you just saved.
CA: opening the certificate request
- Save the certificate in .cer format.
CA: saving the certificate
- Switch back to the member server where you created the certificate request. Install the newly created certificate in Certificates (Local Computer)→ Personal.
Member server: exporting the Hub’s web server certificate
- Export the certificate with its key (file format .pfx).
- Assign a password when exporting.
member server: securing the certificate’s key with a password