How to install and use a certificate on Imagicle UC Suite server

Applies to:

Description:

How to install a custom certificate on the UC Suite server to allow encryption. 

How-to:

It is possible to upload and use the following types of certificates for different functionalities such as http traffic or recordings encryption:

When a certificate which has a CN matching the IAS server FQDN is available, you must load it to the IAS web server.

How to use the AppSuite self-signed certificate

You can use the self-signed certificate that had been generated and installed on IIS during IAS installation.

However, this certificate must be modified to match current machine's Fully Qualified Domain Name.

Open "Internet Information Services (IIS) Manager" and select the main node in the left panel. Click on "Server Certificates", double click on certificate issued to "ImagicleApplicationSuite". In the  "Details" tab, select "Authority Key Identifier" field and look for the "CN=" string in the Value.

If the CN does not match machine FQDN (it must match the exact FQDN entered in ECC configuration), please proceed as follows:

a. In case used the certificate used for HTTP traffic encryption, remove the https binding on port 443

In the left panel of "Internet Information Services (IIS) Manager", select "Default Web Site". Then, in the right panel, click on "Bindings...". In the left panel, select row for protocol "https" on port "443" and click Remove.

b. Modify the file

<StonevoiceAS>\System\SSL\ImagicleSSLCert.ps1 and ImagicleUdsProxyCert.ps1

Editing line 15:

From:  $CertificateName = "ImagicleApplicationSuite";
To:       $CertificateName = $env:computername;

c. Run the following batch file with administrative permissions:

<StonevoiceAS>\System\SSL\RunMe.bat

Now the certificate looks like this (in the example, the FQDN is "MYIAS"):

d. Now export the certificate from IIS and import it into internet explorer to get rid of the certificate warning that is displayed into the browser once the Imagicle home URL is plugged in.

 

Choose the path where to store it, define a password and then press OK:

e. In Internet Explorer go to tools-->internet options--> content-->Certificates, and import the previously exported certificate.

Once it is imported, restart Internet Explorer and plugin the following URL: https://FQDN to access the Imagicle interface without security warning. (Lock should be displayed at the end of the URL). 

 

How to use a certificate issued by the Domain Controller

If the IAS server belongs to an Active Directory domain, you can request a new web server certificate.

  1. Log in to the Imagicle Application Server as an administrator with permission to Enroll for a Web Server Certificate (e.g. a Domain Administrator).

  2. Click the Start button, then Run, type cmd.exe, right click over Command Prompt and click on Run as administrator

  3. In the Command prompt shell, type mmc.exe.
  4. Open the File menu and select Add/Remove snap-in.
  5. In the Add or Remove Snap-ins window, select Certificates, and click Add.
  6. Choose Computer Account, and click Next.
  7. Choose Local Computer, and then Finish.
  8. Click OK on the Add or Remove Snap-ins window.
  9. Expand Certificates.
  10. Expand Trusted Root Certification Authorities and click Certificates. Make sure the root certificate is present for the Enterprise Certificate Authority in the domain.
  11. Right-click Personal and select All Tasks, then Request New Certificate.
  12. Click Next.
  13. If prompted to select a Certificate Enrollment Policy, select one under the category of Configured by your administrator. Click Next.
  14. Select Web Server (If Web server is unavailable see the WebServer certificate section), and click the link for More information is required to enroll for this certificate. Click here to configure settings.
  15. Click the Subject tab:
    1. Under the Subject Name section, change the Type to Common Name, and change the Value of the Fully Qualified Domain Name of the server hosting the Imagicle Application Suite (e.g. myias.mydomain.com).
    2. Click Add.
  16. (optional) Click the General tab and type a Friendly Name
  17. Click Apply, and OK.
  18. On the Certificate Enrollment window, click Enroll.
  19. Verify that the STATUS is Succeeded, and click Finish.
WebServer certificate

If there is no available WebServer certificate, you have to create it.

  1. On the CA computer (the DC), click Start, type certtmpl.msc, and then press ENTER.
  2. In the contents pane, right-click the Web Server template, and then click Properties.
  3. Click the Security tab, and then click Add.
  4. Click Object Types
  5. Flag Computers checkbox
  6. In Enter the object names to select, type the name of Imagicle Application Suite Server, and then click OK.
  7. In Permissions, click Enroll under Allow, and then click OK.

How to use a certificate issued by a well-known Certificate Authority

  1. Ensure you already have a valid certificate (with private key) in a .pfx file format
  2. Access to Imagicle Server and launch IIS Manager
  3. Select the computer in the left tree view and double-click on "Server Certificates"
  4. Click on Import command on the right actions panel
  5. Select the certificate pfx file
  6. Insert the relevant password
  7. Tick the option "Allow this certificate to be exported" and press OK
  8. Click on "Default Web Site" in the left tree view
  9. Click on "Bindings..." command in right actions panel
  10. Click on https and press Edit button
  11. Under "SSL Certificate" drop-down menu choose the new certificate and press OK
  12. Close IIS Manager



Article ID: 842
Last updated: 08 Apr, 2021
Revision: 1
Imagicle AppSuite Cross Platform -> FAQ and Solutions -> How to install and use a certificate on Imagicle UC Suite server
https://kbp.imagicle.com/kb/entry/842/