Feedback

  • Contents
 

Server Group Certificate and Private Key Locations

CIC Servers in multiple CIC Server environments, for example, a Switchover pair, require identical Server Group certificate and private keys to successfully connect to remote subsystems. Follow this procedure to securely copy the Server Group certificate and private key files from an existing CIC Server to this CIC Server.

Switchover pairs

In this procedure, you will copy the Server Group certificate and private key files from the initial active server or the first server in an upgrade installation to this CIC Server (the initial backup server or second server in an upgrade installation).

In this procedure, you will copy the Server Group certificate and private key files from the initial active server to this CIC Server (the initial backup server).

Note: You should have already selected the Switchover Service option in the Select IC Optional Components dialog and configured this CIC Server for Switchover. If you have not done so yet, do so now.

Third party certificate authority

If your company has already established its own root certificate authority and manages its own certificates, you can choose to use your own Server Group certificate and private key instead of the default CIC-generated Server Group certificate and private key. In this procedure, you will copy your own Server Group certificate and private key to this CIC Server.

To securely copy the Server Group certificate and private key files from an existing IC Server to a Backup IC Server

  1. With Setup Assistant set on this dialog, Browse to the \I3\IC\Certificate\ServerGroup directory on the Primary CIC server. For a Switchover pair, the Primary server is the initial active server or the first server in an upgrade installation.

    Note
    : If you are using your own Server Group certificate and private key, browse to the directory locations of the Server Group certificate (ServerGroupCertificate.cer) and Server Group private key (ServerGroupPrivateKey.bin) that you wish to use.

  2. Create a new folder with the name ‘ServerGroup_InitialServer’ in the ‘Downloads’ folder and copy the entire \I3\IC\Certificates\ServerGroup directory to the ‘ServerGroup_InitialServer’ folder.

    Note
    : If you are using your own Server Group certificate and private key, copy the Server Group certificate and private key that you wish to ‘ServerGroup_InitialServer’.

  3. Paste the copied ‘ServerGroup_InitialServer’ folder to the ‘Downloads’ folder on this Backup CIC Server. For a Switchover pair, this Backup CIC Server is the initial backup server or the second server in an upgrade installation.

  4. Click the Import Certificates button in this dialog.

  5. The Import Certificate dialog appears. Browse to the locations of the Server Group certificate and private key files in the ‘ServerGroup_InitialServer’’ in the Certificate Path and Private Key Path fields, for example, C:\Users\User1\Downloads\ ServerGroup_InitialServer \ServerGroupCertificate.cer and C:\Users\User1\Downloads\ ServerGroup_InitialServer \ServerGroupPrivateKey.bin. Keep the default Type and Format settings. Setup Assistant will back up the existing certificate/private key files before overwriting them. See "Server Group certificate/private key backup information" below

    Note
    : If you are using your own Server Group certificate and private key, you must also specify the Type and Format information, and whether the private key is password protected. Click on Help for details.

  6. Click OK to return to the Server Group Certificate and Private Key Locations dialog, which displays the paths of the Server Group certificate and private key files that will be copied to this Backup CIC Server.

  7. Click Next to continue on in Setup Assistant until it completes. Keep the ‘ServerGroup_InitialServer’ folder in the Backup CIC Server until Setup Assistant completes. The Server Group certificate and private key files will be copied from the ‘ServerGroup_InitialServer’ folder to the Backup CIC Server during the Commit process.

  8. Store the ‘ServerGroup_InitialServer’ folder containing the Certificates directory in a safe location for backup purposes.

Troubleshooting

Do not manually copy the Server Group certificate and private key files from the designated existing CIC Server to this CIC Server. This method can lead to errors. If errors occur, re-run Setup Assistant and follow the procedures described in this help topic. If Setup Assistant fails to launch the CIC Server processes (Notifier, DSServer, and AdminServer), see the PureConnect Knowledgebase article "How to Recover from Lost Certificates" (http://knowledge.inin.com/Incident.asp?EntryID=Q120576310201905) to regenerate the default certificates.

Server Group certificate/private key backup information

Setup Assistant will back up the existing Server Group certificate and private key files in the \I3\IC\Certificates\ServerGroup directory and overwrite them with the certificate and private key you specify in the Import Certificates dialog.

The backed up files will have the same name as the original files, with the .<BackupNumber> extension. For example:

ServerGroupCertificate.cer.1 on the first backup

ServerGroupCertificate.cer.2 on the second backup, etc.

For more information

For more information on:

  • Configuring Switchover and Server Group certificates and private keys, see CIC Automated Switchover System in the Technical Reference Documents section of the PureConnect Documentation Library.

  • CIC Server and remote subsystem security and other CIC security features, see PureConnect Security Features in the Technical Reference Documents section of the PureConnect Documentation Library.

IC Survey Location: This information may be included in the IC Survey file. If so, the selection/value will appear in this dialog. You can review the contents of the IC Survey file by selecting View Survey in the Load IC Survey File dialog or opening it in a Pre-Install survey in the IC Survey system.