Show Hide

 

Feedback

  • Contents
 

Certificate Signing Option

CIC Servers require certificates and private keys for secure communications with remote subsystems such as ASR servers and Web servers.

CIC Servers in multiple CIC Server environments, for example, a Switchover pair, require identical certificates and private keys to connect to remote subsystems. Depending on this CIC Server's role in your CIC Server environment, you can complete this process on each CIC Server.

Select one of the following certificate signing options.

Use Existing certificates and private keys. Do not create or import new certificates or private keys

Select this option if you prefer to leave the current certificate structure as is. This selection bypasses any further setup for certificates and continues with the next step in IC Setup Assistant.

 

Sign intermediate and child certificates with the Certificate Authority installed on your IC server

Select this option to use certificates signed by CIC. The option displays the Server Group Certificate and Private key dialog.

 

Create Certificate Signing Requests to be signed by an external Certificate Authority and imported into your IC server

Select this option to use certificates signed by a third-party certificate authority. This option displays the Certificate Signing Requests dialog to select the certificate use type for which to create a certificate signing request.

After you receive the signed certificate from the certificate authority, re-run IC Setup Assistant and select this option again to import the signed certificate and private key.

 

Do not allow the Certificate Authority installed on your IC server to sign certificates

Note: This option appears when you rerun IC Setup Assistant. This option does allow the Certificate Authority installed on your IC server to sign certificates.

Select this option to use a single server certificate for all certificate use types. Selecting this option automatically selects the Create Certificate Signing Requests to be signed by an external Certificate Authority and imported into your IC server option. If you select this option, the Certificate Signing Requests dialog contains a single certificate use type.

Note: Before you use a single server certificate for all certificate use types, consider that if the single certificate becomes compromised for one certificate use type, the other certificate use types cannot use the certificate.

Clear this option to use a separate server certificate for each certificate use type. If you clear this option, the Certificate Signing Requests dialog contains all the certificate use types.

 

Encrypt the certificates and private keys with a master key stored in the Windows Certificate Store

This option appears selected if you used Select Master Key to import a certificate and private key to use as a master key. You can clear this option if you no longer want to use a certificate and private key to encrypt the certificate folder.

Note: This option disables further certificate generation on this machine until you re-run IC Setup Assistant and remove the check mark to clear this option.

 

Select Master Key

Select this button to indicate the master certificate and private key to use to encrypt the certificate folder. The Windows Certificate Store stores the master certificate. You can use Select Master Key with all three certificate signing options. Click Select Master Key and the Import or Select Signed Certificate dialog appears. From the Import or Select Signed Certificate dialog you can:

After you use the Import or Select Signed Certificate dialog to indicate the master certificate and private key,  the Encrypt the certificates and private keys with a master key stored in the Windows Certificate Store option appears selected.