This manual describes the usage of external certificates (PFX format) together with TSX Gateway:
Please follow the steps listed below or download the step-by-step guide as .pdf.
1. Generate Certificate Request
We start with the configuration on our TSX Gateway Server:
1.1. Open the Microsoft Management Console (mmc) as Administrator.
1.2. Click CTRL+M and add the certificates snap-in for your computer account.
1.3. Select your local computer and launch the console by clicking on “Finish”:
1.4. Now navigate to Console Root → Certificates (Local Computer) → Personal
1.5. To create a custom request right-click Personal and select All Tasks → Advanced Operations → Create Custom Request
1.6. Click Next until the Certificate Information dialogue appears
1.7. Please change following parameters:
Insert Field: Friendly name
They are used to enable a user to associate aliases with certificates so they can be easily identified
Add Value: Common name CN
( Host + Domain Name) DNS Name
Extensions -> Extended Key Usage
Add Value: Server Authentication
Private Key: Key options
Enable: Make private key exportable
1.8. Export Filename: request.req
Select “Base64” as file format.
1.9. Copy the previously created request file to your certificate authority.
2. Import request on your certificate authority
Now switch to your certificate authority in order to proceed the previously created certification request.
2.1. Open your Server Manager
2.2 Check if the Certification Authority Tools are installed; Otherwise you need to install this role before continuing.
2.3. Right click on “Roles” and navigate to “Active Directory Certificate Services” -> Hostname-cs (e.g server01-CA) and select Submit new request
2.4. Choose the request.req which was created in the first part of this guide.
2.5. Now switch to Pending requests and right click the recently imported request and select All Tasks -> Issue
2.6. Switch to “Issued Certificates” and double click the issued certificate. Switch to the “Details” tab and select “Copy to file”.
This allows you to save you issued certificate as .cer file.
2.7 Copy file to computer where the request has been initiated.
3. Export the certificate as .pfx
3.1 Open the Microsoft Management Console (mmc) as Administrator.
3.2 Click CTRL+M and add the Certificates snap-in for your Computer account.
3.3 Select your “local computer” and launch the console by clicking on “Finish”
3.4 Now navigate to Console Root → Certificates (Local Computer) → Personal
3.5 Right click on the certificate and select “All Tasks” -> “Export”
3.6 Continue until the Export File Format dialogue appears. Select Personal Information Exchange and click on Next
3.7 Please specify a password in order to protect the private key.
3.8 Set the file name and finish the .pfx export
4. Import certificate into TSX Gateway
Now you are able to import your certificate into your TSX Gateway Server.
4.1 Open your TSX Gateway Managenent Console and click on File -> Import certificate
4.2 Click OK on the warning dialogue
4.3 Select the previously created *.pfx file
4.4 Enter the password of the certificate
4.5 The certificated is now installed.