Install an X.509 Certificate
The installation of an X.509 certificate is required for transport encryption and authentication. There are two main approaches for creating an X.509 certificate:
- Certificate released by an (internal) certification authority (CA)
- Self-signed certificate
Note
When using Board Cloud, make sure to use a certificate released by a public certification authority (CA).
Note
On test environments you can use a self-signed certificate. For production environment it is recommended to use a certificate released by an (internal) certificate authority (CA).
Create the X.509 Certificate
Make sure to have a TLS certificate issued by your IT network team considering the following points:
- The certificate property “Subject Alternative Name” contains the DNS name of the server on which the Windows service (e.g. Xtract Universal Service or Board Connector Service) is running.
- Place the certificate in the Windows Certificate Store on the machine, on which the Windows service is running.
- The certificate common name (CN) attribute contains the DNS name of the server.
Tip
To display the Common Name (CN) of the certificate, double-click the certificate in the Cetrificate Manager and navigate to the Details tab.
Integrate the X.509 Certificate
- Import the certificate to the Windows Certificate Store using Microsoft Management Console (mmc). In the example shown, the server name is "TODD":
- Open Server > Settings from the main window of the Designer.
- In the tab Web Server, click [Select X.509 certificate]. The window "Edit certificate location" opens.
- Select the X.509 certificate created for your machine under Local Machine > Personal.
- Click [OK] to confirm your input. If prompted, restart the server.
Related Links
- Knowledge Base Article: Enable Secure Network Communication (SNC) via X.509 certificate
- Change Service Account