On a default installation, IceLib-based applications do not perform client-side validation of server certificates; however, this option can be turned on.

Jump to a section:

Enabling Client-Side Validation of Server Certificates

By default, IceLib-based applications do not perform client-side validation of the IC Server certificates. This can be enabled in 1 of 2 ways: By using a config file to turn it on for a specific application, or by using the registry to turn it on globally.

Note

Once this option is enabled, the configured IceLib-based client will not be able to login unless the IC Servers and client machine can agree on certificates. Attempting to connect to an IC Server without the certificates installed will result in an IceLibConnectionException.

Use an [ApplicationName.exe].config File

To enable this option on a per-application basis, create an [ApplicationName.exe].config file in the same folder that the application is installed. This file should have, at the very least, the following contents:

CopyXML
<configuration>
    <appSettings>
        <add key="enforceTLSCertificateChecks" value="true"/>
    </appSettings>
</configuration>

Use the Registry

To enable this option for all IceLib-based applications on a machine, create a new "enforceTLSCertificateChecks" DWORD value in the "SOFTWARE\Interactive Intelligence\CommonApplication" registry key, and set its value to 1. This can be set in either the "Current User" or "Local Machine" registry hives. If this value is set in the "Local Machine" registry hive, you will need to set this value in the "SOTWARE\Wow6432Node\Interactive Intelligence\CommonApplication" registry key.

Back to Introduction

Certificate Configuration

There are a few options to handle the configuration of certificates:

Replace all ININ Certificates

There are many things to consider when replacing all of the ININ Certificates with your own certificate authority signed certificates; as such, it is recommended that you contact ININ Support for further details.

Back to Introduction

Use an already trusted 3rd Party Certificate

Instructions on how to use an already trusted 3rd party certificate can be found in the following KB article: https://my.inin.com/products/pages/kb-details.aspx?entryid=q121666141100137. Note that these instructions require the root certificate to be configured as a subordinate certification authority.

Back to Introduction

Install IC Server Certificates on All Client Machines

Based on a default configuration of an IC Server, it will be necessary to install the IC Server's ServerGroup certificate to all client machines that will need to connect to it. Note that this process can be sped up using a Group Policy. The certificate that needs to be installed on the client machines are on the IC Server, in the following path: "[Install Path]\Certificates\ServerGroup\ServerGroupCertificate.cer".