This document provides a step by step description how to use the MS PKI which is available on Windows Server to actually sign the Certificate Request from Xsuite hence replacing the issued self signed certificate
Instructions:
1. Create the CSR
Make sure the fields for Common Name and Alternate Subject Names basically reflect all the URLs used to access this Xsuite instance.
Note, there is no line break/carriage return at the end of the list of the Alternate Subject Names
2. Download the CSR
3. Download the newly created Private Key
4. ... and protect the key with a password
5. Access the MS PKI through the Web interface and submit the Certificate Signing Request
Select the CSR file to insert or copy and paste the file's contents in the larger text field.
Use "Web Server" as the Certificate Template
6. Download the newly created certificate and certificate chain
7. Download the CA certificate, CA certificate chain and latest base and delta CRL
8. Join private key and the certificate to a single file
e.g. in a cmd submit
copy xsuite_KEY.key + xsuite_CERT.cer xsuite_KEY_CERT.cer
9. Upload to the Xsuite instance in this order:
CA Bundles
Certificate Revocation List
The PKI Root Certificate
Certificate with Private Key (enter the previously given password to allow access to the key)
10. Set the newly uploaded certificate
and reboot the box.
11. Sign Xsuite Applets
12. Import the MS PKI root certificate into the trusted CA store of your Browser or Xsuite Client
13. Should you not run the Xsuite Client clear the JAVA and Browser cache before accessing the Xsuite with the newly signed JARs
Please also see the document "Certificates In Detail.pdf" available on the Xceedium Support Portal