Saturday, 8 October 2016

Importing Certificates

The following procedure describes how to configure FIPS on XenMobile by importing the certificate, which is required when you use a VMware hypervisor.

SQL Prerequisites
1. The connection to the SQL instance from XenMobile must be secure, and the SQL Server version must be 2012 or 2014. To secure the connection, see Microsoft Management Console.

2. If the service does not restart properly, check the following: Open Services.msc.
a. Copy the logon account information used for the SQL Server service.

b. Open MMC.exe on the SQL Server.

c. Go to File > Add/Remove Snap-in and then double-click the certificates item to add the certificates snap-in. Select the computer account and local computer in the two pages on the wizard.

d. Click OK.

e. Expand Certificates (Local Computer) > Personal > Certificates and find the imported SSL certificate.

f. Right-click the imported certificate (selected in the SQL Server Configuration Manager) and then click All Tasks > Manage Private Keys.

g. Under Group or User names, click Add.

h. Enter the SQL service account name you copied in the earlier step.

i. Clear the Allow Full Control option. By default the service account will be given both Full control and Read permissions, but it only needs to be able to read the private key.

j. Close MMC and start the SQL service.

3. Ensure the SQL service is started correctly.
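
Steps e through i above can also be scripted. The following PowerShell is an added example, not part of the original procedure; the thumbprint and account name are placeholders, and it assumes an RSA key pair and an elevated session on the SQL Server.

```powershell
# Added example. Run in an elevated PowerShell session on the SQL Server.
# Placeholders (assumptions, not values from the procedure):
$Thumbprint     = '<THUMBPRINT-OF-IMPORTED-SSL-CERTIFICATE>'
$ServiceAccount = '<DOMAIN\sql-service-account>'

$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $Thumbprint }
if (-not $cert) { throw "Certificate not found in LocalMachine\My." }
if (-not $cert.HasPrivateKey) { throw "Certificate has no private key." }

# Resolve the key container name (assumes an RSA key pair).
$rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
if (-not $rsa) { throw "No RSA private key is accessible for this certificate." }
if ($rsa -is [System.Security.Cryptography.RSACng]) {
    $keyName = $rsa.Key.UniqueName
} else {
    $keyName = $rsa.CspKeyContainerInfo.UniqueKeyContainerName
}

# Machine keys are stored as files; CNG and legacy CSP providers use different folders.
$keyFile = @(
    "$env:ProgramData\Microsoft\Crypto\Keys\$keyName",
    "$env:ProgramData\Microsoft\Crypto\RSA\MachineKeys\$keyName"
) | Where-Object { Test-Path -LiteralPath $_ } | Select-Object -First 1
if (-not $keyFile) { throw "Key file for container '$keyName' not found." }

# SetAccessRule replaces any existing Allow entries for this account,
# so a previously granted Full Control is reduced to Read.
$acl  = Get-Acl -LiteralPath $keyFile
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList $ServiceAccount, 'Read', 'Allow'
$acl.SetAccessRule($rule)
Set-Acl -LiteralPath $keyFile -AclObject $acl

# Show the resulting entries for review; the service account should not list FullControl.
(Get-Acl -LiteralPath $keyFile).Access |
    Select-Object IdentityReference, FileSystemRights, AccessControlType |
    Format-Table -AutoSize
```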

Internet Information Services (IIS) Prerequisites
1. Download the rootcert (base 64).

2. Copy the rootcert to the default site on the IIS server, C:\inetpub\wwwroot.

3. Check the Authentication check box for the default site.

4. Set Anonymous to enabled.

5. Select the Failed Request Tracking rules check box.

6. Ensure that .cer is not blocked.

7. Browse to the location of the .cer in an Internet Explorer browser from the local server, http://localhost/certname.cer. The root cert text should appear in the browser.

8. If the root cert does not appear in the Internet Explorer browser, make sure that ASP is enabled on the IIS server as follows.
a. Open Server Manager.
b. Navigate to the wizard in Manage > Add Roles and Features.
c. In the server roles, expand Web Server (IIS), expand Web Server, expand Application Development and then select ASP.
d. Click Next until the install completes.

9. Open Internet Explorer and browse to http://localhost/cert.cer.
Note: You can use the IIS instance of the CA for this procedure.

Importing the Root Certificate During Initial FIPS Configuration
When you complete the steps to configure XenMobile for the first time in the command-line console, you must complete these settings to import the root certificate. For details on the installation steps,

Enable FIPS: Yes
Upload Root Certificate: Yes
Copy(c) or Import(i): i
Enter HTTP URL to import: http://FQDN of IIS server/cert.cer
Server: FQDN of SQL Server
Port: 1433
User name: Service account which has the ability to create the database (domain\username).
Password: The password for the service account.
Database Name: This is a name you choose.
