X.509 Certificates
The installation process requires an X.509 certificate. Archer uses this certificate for authentication between the Web Application and Archer services.
You can create a new certificate during the initial installation of Archer. The certificate is named Archer Configuration and saved in the Personal area of the certificate store. Export this certificate for use in future installations. You must always use the same certificate in subsequent installations.
You can change the certificate later. To change the certificate after installation, rerun the installer, select only Web Application and Services, and then select the Use a different certificate option.
If you already have an X.509 certificate, determine its location and provide that information when requested during the installation.
On this page
Installation options
During a new installation, Archer prompts you to either create an X.509 certificate, import an existing certificate, or select an existing certificate already in the certificate store. Create a new X.509 certificate for all new installations unless you have an existing certificate.
Create a certificate
Create the Archer Configuration certificate and save it in the Personal store of the certificate store. If you choose to create a new certificate, the new certificate does not interfere with other certificates in IIS, such as an SSL certificate. Make a note of this certificate so that you can use it during the installation.
|
Parameter |
Value |
|---|---|
|
Issuer |
CN = Archer Configuration O = Archer |
|
Subject |
CN = Archer Configuration O = Archer |
|
Valid to |
December 31, 2039 |
|
Signature algorithm |
sha512RSA |
|
Private key |
Archer (1024-bit) |
Select from disk
This option designates an existing certificate not yet imported into the certificate store. If you select to import a certificate, you must select the file in which the certificate is located and provide the password to the private key.
Select from certificate store
This option designates selecting an existing certificate from the certificate store.
Configuration Service Authentication
The Archer Control Panel and Archer Web Services authenticate to the Archer Technologies Archer Configuration Service using the X.509 certificate. During installation, Archer allows you to do the following:
- Use an existing X.509 certificate, for example, 1 issued and signed by your Root CA. It is recommended that you use a domain certificate or a certificate signed by an external CA and generated in accordance to industry best practices.
- Have the installer generate an X.509 certificate for you. In this case, the installer generates a self-signed certificate.
The X.509 certificate used for authentication to the Archer Configuration service does not interfere with other certificates used within IIS, such as your SSL certificate.
Export the X.509 certificate
Complete this task to export the initial certificate for use in future installations. All subsequet installations must use the same X.509 certificate.
Begin at the server where the certificate was created.
- Click Start > Run > MMC.
- Select File > Add/Remove Snap-ins.
- From the Available Snap-ins list, select Certificates and click Add.
- Select Computer Account and click Next.
- Select Local Computer and click Finish.
- Click OK.
- Expand Certificates > Personal folder. Right-click Archer Configuration and select All Tasks > Export. The Certificate Export Wizard starts.
- Select Yes, export the private key and click Next.
- Select Personal Information Exchange - PKCS #12 (PFX) format.
- Select Export all extended properties and click Next.
- Designate a password to protect the private key, and select a local directory in which to export the certificate.
