How to use MS PKI to sign the certificate request issued by Xsuite


Article ID: 42197


Updated On:

Products

CA Privileged Access Manager - Cloakware Password Authority (PA)
CA Privileged Access Manager (PAM)

Issue/Introduction

This document describes, step by step, how to use the MS PKI available on Windows Server to sign the Certificate Request from Xsuite, replacing the issued self-signed certificate.

 


Environment

Release:
Component: CAPAMX

Resolution

Instructions:

1.  Create the CSR

 

Make sure the Common Name and Alternate Subject Names fields reflect all the URLs used to access this Xsuite instance.

Note: there is no line break/carriage return at the end of the list of Alternate Subject Names.

2.  Download the CSR

3.  Download the newly created Private Key

4.  ... and protect the key with a password

5.  Access the MS PKI through the Web interface and submit the Certificate Signing Request

Select the CSR file to insert or copy and paste the file's contents in the larger text field.

Use "Web Server" as the Certificate Template

 

6.  Download the newly created certificate and certificate chain

7.  Download the CA certificate, CA certificate chain and latest base and delta CRL

8.  Join private key and the certificate to a single file

 

For example, at a cmd prompt, enter:

copy xsuite_KEY.key + xsuite_CERT.cer xsuite_KEY_CERT.cer

 

9.  Upload to the Xsuite instance in this order:

 

CA Bundles

Certificate Revocation List

The PKI Root Certificate

Certificate with Private Key (enter the previously given password to allow access to the key)

10.  Set the newly uploaded certificate and reboot the box.

 

11.  Sign Xsuite Applets

12.  Import the MS PKI root certificate into the trusted CA store of your Browser or Xsuite Client

13.  If you do not run the Xsuite Client, clear the Java and browser caches before accessing Xsuite with the newly signed JARs
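A pre-upload check for the combined file produced in step 8, given here as an added example that is not part of the original article or of Xsuite. It assumes both input files are Base64 (PEM) encoded and that the key comes first, as in the copy command above; the function name check_bundle and the sample data are constructed for illustration.

```python
import base64
import re

# One PEM block: BEGIN line, body, matching END line.
PEM_BLOCK = re.compile(
    rb"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)

def check_bundle(data):
    """Return a list of problems found in a combined key+certificate file."""
    problems = []
    blocks = [(m.group(1).decode(), m.group(2)) for m in PEM_BLOCK.finditer(data)]
    labels = [label for label, _ in blocks]
    keys = [l for l in labels if l.endswith("PRIVATE KEY")]
    if len(keys) != 1:
        problems.append(f"expected 1 private key block, found {len(keys)}")
    if "CERTIFICATE" not in labels:
        problems.append("no CERTIFICATE block (is the .cer DER encoded?)")
    elif keys and not labels[0].endswith("PRIVATE KEY"):
        problems.append("private key is not the first block")
    for label, body in blocks:
        if label.endswith("PRIVATE KEY"):
            # Step 4: the key must be password protected (PKCS#8 or legacy format).
            if label != "ENCRYPTED PRIVATE KEY" and b"Proc-Type: 4,ENCRYPTED" not in body:
                problems.append("private key is not password protected")
        # Drop header lines of legacy encrypted keys before decoding.
        b64 = b"".join(l.strip() for l in body.splitlines() if b":" not in l)
        try:
            base64.b64decode(b64, validate=True)
        except ValueError:
            problems.append(f"{label}: body is not valid Base64")
    # Anything but whitespace outside the blocks is suspect, e.g. a 0x1A
    # end-of-file marker left behind by a text-mode copy.
    stray = PEM_BLOCK.sub(b"", data).strip()
    if stray:
        problems.append(f"{len(stray)} stray byte(s) outside PEM blocks: {stray[:8]!r}")
    return problems

def _pem(label, payload):
    return b"-----BEGIN %s-----\n%s-----END %s-----\n" % (
        label, base64.encodebytes(payload), label)

# Constructed samples: the payloads are placeholders, not real keys or certificates.
GOOD = _pem(b"ENCRYPTED PRIVATE KEY", b"constructed key") + _pem(b"CERTIFICATE", b"constructed cert")
BAD = _pem(b"CERTIFICATE", b"constructed cert") + _pem(b"RSA PRIVATE KEY", b"constructed key") + b"\x1a"

if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_bundle(sample) or "ok")
```

The check is structural only: it does not decrypt the key or confirm that the key matches the certificate.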



Additional Information

Please also see the document "Certificates In Detail.pdf" available on the Xceedium Support Portal