Trusting an SSL Certificate on a Client Machine

When a self-signed certificate is installed on a server for the Secret Server website, client computer browsers will generally give security warnings for that website. This is because, for public websites, only certificates issued by trusted authorities can be trusted to be valid certificates. For certificates that will only be used within a company or domain, self-signed certificates are fine and the security warnings can generally be ignored.

These security warnings can be annoying and interfere with third-party programs in Secret Assistant. The following steps can be used to trust the certificate:
  • Make sure that the host to which the certificate is issued is the same as the host name for your Secret Server website. This can be found by opening Internet Explorer 7 or 8, navigating to Secret Server, clicking "Continue to this website" if you are prompted. Next, click the "Certificate Error" icon next to the navigation bar and click "view certificates". The value next to "Issued to" should match the host name for your website. For example, if your website is "https://www.thycotic.com/SecretServer", it should say "Issued to: www.thycotic.com". If these fields do not match, the client will not be able to fully trust the certificate.
  • Get a copy of the certificate file on the client computer.
    1. On the server, click start, click run, type in "mmc", and click "OK". Then, click "File" on top, click "Add/Remove Snap-in", select the "Certificates" snap-in, click the "Add" button, from the popup select "Computer Account", select "Local Computer", and click "OK".
    2. You should now see the Certificates (Local Computer) node. Expand the "Personal" folder, click the "Certificates" folder, right click on the certificate that Secret Server uses, click "All Tasks", and click "Export". Then, keep clicking "Next" for the defaults in the wizard. Enter a filename and click "Finish". The certificate is now exported successfully.
    3. Copy the certificate from your server and put it on your client computer.
    • NOTE: If you have Firefox, the certificate can be saved to your client computer by viewing and exporting it after navigating to the website.
  • Finally, install the certificate on the client computer. 
    • Click start, click run, type in "mmc", and click "OK". Then, click "File" on top, click "Add/Remove Snap-in", select the "Certificates" snap-in, click the "Add" button, and in the pop-up select "My user account".
    • Expand the "Trusted Root Certification Authorities" folder, right click on the "Certificates" folder, and click All Tasks -> "Import".
    • Click "Next" and "Yes" for all steps of the wizard. When it asks for the certificate file, select the file you saved in the previous step.
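
The same client-side import can be scripted in PowerShell, with the "Issued to" check from the first step run before the certificate is trusted. This is an added example, not part of the original article: the file path and thumbprint are placeholders, and it assumes a Windows version that ships the PKI module's Import-Certificate cmdlet.

```powershell
# Added example. Run on the client as the user who browses to Secret Server.
param(
    [string]$CertPath = 'C:\Temp\secretserver.cer',           # placeholder: file copied from the server
    [string]$HostName = 'www.thycotic.com',                   # host name from the article's example URL
    [string]$ExpectedThumbprint = '<THUMBPRINT-FROM-SERVER>'  # placeholder: value read on the server itself
)
# On the server, the thumbprint of the certificate under
# Certificates (Local Computer) -> Personal can be listed with:
#   Get-ChildItem Cert:\LocalMachine\My | Format-List Subject, Thumbprint

$ErrorActionPreference = 'Stop'
$file = (Resolve-Path $CertPath).Path
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $file

# "Issued to" must equal the host name in the URL.
# GetNameInfo returns the first DNS name in the SAN extension, else the subject CN.
$nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::DnsName
$issuedTo = $cert.GetNameInfo($nameType, $false)
if ($issuedTo -ne $HostName) {
    throw "Issued to '$issuedTo' does not match host '$HostName'."
}

# This procedure is for a self-signed certificate (subject and issuer are identical).
if ($cert.Subject -ne $cert.Issuer) {
    throw "Certificate was issued by '$($cert.Issuer)'; it is not self-signed."
}

# Confirm the copied file is the certificate the server really uses.
# Whitespace is stripped because the certificate dialog may show the value in spaced groups.
$expected = $ExpectedThumbprint -replace '\s', ''
if ($cert.Thumbprint -ne $expected) {
    throw "Thumbprint $($cert.Thumbprint) differs from the value read on the server."
}

# Equivalent of "My user account" -> "Trusted Root Certification Authorities" -> Import.
# Windows asks the user to confirm additions to this store.
Import-Certificate -FilePath $file -CertStoreLocation Cert:\CurrentUser\Root | Out-Null

# Verify the certificate is now present in the store.
$installed = Get-ChildItem Cert:\CurrentUser\Root |
    Where-Object { $_.Thumbprint -eq $cert.Thumbprint }
if (-not $installed) { throw 'Import did not complete.' }
"Trusted: $($installed.Subject) [$($installed.Thumbprint)], expires $($installed.NotAfter)"
```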

Article ID: 65, Created On: 11/6/2009, Modified: 11/9/2009