How to import a .PFX certificate into TSX Gateway?

mona
2013-08-29 15:14

This manual describes the usage of external certificates (PFX format) together with TSX Gateway:

Please follow the steps listed below or download the step-by-step guide as .pdf.

  • How to use PFX Certificate File with TSX Gateway
  • Content:

    1. Generate Certificate Request

    2. Import request on your certificate authority

    3. Export the certificate as .pfx

    4. Import certificate into TSX Gateway

    1. Generate Certificate Request

    We start with the configuration on our TSX Gateway Server:

    1.1. Open the Microsoft Management Console (mmc) as Administrator.

    MMC.png

    1.2. Click CTRL+M and add the certificates snap-in for your computer account.

    3.png

    1.3. Select your local computer and launch the console by clicking on “Finish”:

    4.png

     

    1.4. Now navigate to Console Root → Certificates (Local Computer) → Personal

    personal.png

    1.5. To create a custom request right-click Personal and select All Tasks → Advanced Operations → Create Custom Request
    create_custom_request.png

    1.6. Click Next until the Certificate Information dialogue appears

    certification_information.png

    1.7. Please change following parameters:

    General

    Insert Field:         Friendly name
    They are used to enable a user to associate aliases with certificates so they can be easily identified

    1_cp_general.png

    Subject

    Add Value:         Common name CN
    ( Host + Domain Name) DNS Name

    2_cp_subject.png

    Extensions -> Extended Key Usage

    Add Value:         Server Authentication

    3_cp_extensions.png

    Private Key: Key options

    Enable: Make private key exportable

    4_cp_private_key.png


    1.8. Export Filename: request.req
    Select “Base64” as file format.

    5_cp_export.png

    1.9. Copy the previously created request file to your certificate authority.

     


     

    2. Import request on your certificate authority

    Now switch to your certificate authority in order to proceed the previously created certification request.

    2.1. Open your Server Manager
    server_manager.png

     

    2.2 Check if the Certification Authority Tools are installed; Otherwise you need to install this role before continuing.
    certification_authority_role.png

    2.3. Right click on “Roles” and navigate to “Active Directory Certificate Services” -> Hostname-cs (e.g server01-CA) and select Submit new request

    submit_a_new_request.png

     

    2.4. Choose the request.req which was created in the first part of this guide.

    open_request_file.png

    2.5. Now switch to Pending requests and right click the recently imported request and select All Tasks -> Issue

    issue_a_pending_request.png

    2.6. Switch to “Issued Certificates” and double click the issued certificate. Switch to the “Details” tab and select “Copy to file”.

    This allows you to save you issued certificate as .cer file.

    copy_to_file.png

    2.7 Copy file to computer where the request has been initiated.

     


     

    3. Export the certificate as .pfx

    3.1 Open the Microsoft Management Console (mmc) as Administrator.

    MMC.png

    3.2 Click CTRL+M and add the Certificates snap-in for your Computer account.

    3.png

    3.3 Select your “local computer” and launch the console by clicking on “Finish”

    4.png

    3.4 Now navigate to Console Root → Certificates (Local Computer) → Personal

    1_export_certificate.png

    3.5 Right click on the certificate and select “All Tasks” -> “Export”

    2_export_certificate.png

    3.6 Continue until the Export File Format dialogue appears. Select Personal Information Exchange and click on Next

    3_export_certificate.png

    3.7 Please specify a password in order to protect the private key.

    4_export_certificate.png

    3.8 Set the file name and finish the .pfx export

    5_export_certificate.png

     


     

    4. Import certificate into TSX Gateway

    Now you are able to import your certificate into your TSX Gateway Server.

    4.1 Open your TSX Gateway Managenent Console and click on File -> Import certificate

    16-05-2013-19-46-18.png

    4.2 Click OK on the warning dialogue
    16-05-2013-19-46-23.png

    4.3 Select the previously created *.pfx file

    16-05-2013-19-46-34.png

    4.4 Enter the password of the certificate

    16-05-2013-19-46-49.png

    4.5 The certificated is now installed.

    16-05-2013-19-46-56.png

    Tags: authentication, certificate, Gateway, pfx, tsx gateway