Skip to end of metadata
Go to start of metadata

Instead of using the certificate which mobilEcho generates, you can add your own certificates (self-signed) or get one from a certificate authority.

Adding an SSL certificate to your mobilEcho File server

Install your certificate to your Windows certificate store.

  1. On the server, click Start, and then click Run.
  2. In the Open box, type mmc, and then click OK.
  3. On the File menu click Add/Remove snap-in.
  4. In the Add/Remove Snap-in dialog box, click Add.
  5. In the Add Standalone Snap-in dialog box, click Certificates, and then click Add.
  6. In the Certificates snap-in dialog box, click Computer account (this is not selected by default), and then click Next.
  7. In the Select Computer dialog box, click Local computer: (the computer this console is running on), and then click Finish.
  8. In the Add Standalone Snap-in dialog box, click Close.
  9. In the Add/Remove Snap-in dialog box, click OK.
  10. In the left pane of the console, double-click Certificates (Local Computer).
  11. Right-click Personal, point to All Tasks, and then click Import.
  12. On the Welcome to the Certificate Import Wizard page, click Next.
  13. On the File to Import page, click Browse, locate your certificate file, and then clickNext.
  14. If the certificate has a password, type the password on the Password page, and then click Next.
  15. On the Certificate Store page, click Place all certificates in the following store, and then click Next.
  16. Click Finish, and then click OK to confirm that the import was successful.

Bind the certificate to the mobilEcho file server port

Using the certificate management MMC plugin (certmgr.msc), open the certificate, then copy off its “thumbprint”, e.g.:

a8 13 a1 f4 d8 13 a1 f4 a8 13 a1 f4 d8 fd a4 a8 13 a1 f4 d8

Then, you must bind the certificate to mobilEcho’s HTTPS port (443 in the following example). On Windows Server 2003, the command is:

Note:

The commands with red text in the following section, are required only if you plan on using mobilEcho Client Certificate Authentication.

httpcfg set ssl -i [ip address]:443 -h [thumbprint without spaces] -f 3

For example:

httpcfg set ssl -i 10.10.2.1:443 -h a813a1f4d813a1f4a813a1f4d8fda4a813a1f4d8 -f 3

On Windows Server 2008 or Windows Vista, the command is

netsh http add sslcert ipport=[ip address]:443 certhash=[thumbprint without spaces] appid={72876EC6-D443-48ef-ADD3-FA7A0CBC4762} dsmapperusage=enable clientcertnegotiation=enable certstorename=MY

For example:

netsh http add sslcert ipport=10.10.2.1:443 certhash=a813a1f4d813a1f4a813a1f4d8fda4a813a1f4d8 appid={72876EC6-D443-48ef-ADD3-FA7A0CBC4762} dsmapperusage=enable clientcertnegotiation=enable certstorename=MY

The certificate should now be bound to the port.

Adding an SSL certificate to your mobilEcho Management server 

In this case you need a separate certificate and key or you can convert your bundled one. If the certificate you downloaded is bundled with the key (both are in the same file) you will have to convert the file into two separate files.

  1. You will need to edit the mobilEcho_manager config file. It is located in the ManagementUI folder.
  2. Configure the settings for the paths to your certificate and keyThe first one is the path to the key and the second one is the path to the certificate.

    mobilEcho_manager
  3. Set HTTPS_USE_AUTOGENERATED_CERTS to false. Otherwise, mobilEcho will continue using the certificate it generated for itself instead of the one you just set-up.

The path shown above to the .cert and .key files is just an example.

For any added certificate you must also configure Windows Server so that it recognizes your certificate as trusted.

Note:

This process will make this certificate trusted by Windows Server and it presents a security risk if you get your certificates from an unauthorized Certificate Authority.

  1. To do so, open the Start menu.
  2. Open Run, and type in mmc.
  3. From the Console open the File tab.
  4. Select Add/Remove Snap-in...
  5. From the list on the left select Certificates and press Add>
  6. Select Computer account and press Next.
  7. Select Local computer and press Finish.
  8. Press OK to close the dialog and return to the console.
  9. Expand the Certificates drop-down.
  10. Expand the Trusted Root Certificate Authorities and click on Certificates.



  11. Click on the Action tab, select All Tasks, select Import...
  12. Through the Certificate Wizard browse and select your self-signed certificate as follows:

    1. Press Next on the Certification wizard welcome screen.
    2. Browse to and select the file you want to import. 
    3. Mark Place all certificates in the following store and select the Trusted Root Certification Authorities store.
    4. Verify that your certificate is in the Trusted Root Certification Authorities list.
Labels
  • None