Administrator Guide

certication authority certicate. To view the certicate chain, open the Certicates snap-in (Certmgr.msc), double-click the certicate,
and then click the Certication Path tab.
1 In the Windows Azure Pack management portal for administrators, click Automation, and then click Runbooks.
Depending on the number of certificates you have, and the certificate chain, you may have to run this runbook multiple times.
For example, say that you have one wildcard certificate that is registered at the domain level that you want to use for all sites on both
VMs. It has an intermediate certification authority certificate and a root certification authority certificate. In this case, you would run
the runbook two times.
First, specify the share path of the root .cer file in CerPathName, and Root for StoreName in one run.
Second, specify the share path of the intermediate .cer file for CerPathName, and CA as StoreName in the second run.
2 When you run the runbook, specify the following parameters:
Table 39. Runbook parameters
Input Parameter    Details
CerPathName        The full path and file name where you saved the Internet Security Certificate (.cer) file in Step 2; for example, \\<Prefix>CON01\TCAShare\filename.cer
ComputerNames      You must specify the computer names in JSON format.
                   To import the .cer file to both VMs, specify: ["<Prefix>APA01", "<Prefix>-APT01"]
                   To import the .cer file to a single VM, specify: ["<Prefix>APA01"] or ["<Prefix>APT01"]
StoreLocation      For SSL certificates, type LocalMachine.
StoreName          Possible values include:
                   Root  Use this value for the Trusted Root Certification Authorities store.
                   CA    Use this value for the Intermediate Certification Authorities store.
                   MY    Use this value for the Personal store.
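The following PowerShell function is an added example, not part of this guide or of the runbook itself. It checks the Table 39 values before a run: that ComputerNames parses as a JSON array of strings, that the .cer file is readable, and that the chosen StoreName matches the kind of certificate in the file, so that an intermediate certificate is not placed in the Trusted Root store by mistake. The function name, the LAB prefix and the file name root.cer are hypothetical, and the root/intermediate test is a heuristic.

```powershell
# Added example, not from the guide. Function name and sample values are hypothetical.
function Test-CerImportInput {
    param(
        [Parameter(Mandatory)] [string] $CerPathName,
        [Parameter(Mandatory)] [string] $ComputerNames,   # JSON text, as the runbook expects
        [string] $StoreLocation = 'LocalMachine',
        [Parameter(Mandatory)] [ValidateSet('Root', 'CA', 'MY')] [string] $StoreName
    )
    $problems = @(); $names = @(); $cert = $null; $thumbprint = $null
    # ComputerNames must be a JSON array of strings, for example ["HOST1", "HOST2"].
    try {
        $parsed = ConvertFrom-Json -InputObject $ComputerNames
        $names = @($parsed | ForEach-Object { $_ })
    } catch { $problems += 'ComputerNames is not valid JSON.' }
    if (-not $ComputerNames.Trim().StartsWith('[') -or $names.Count -eq 0 -or
        @($names | Where-Object { $_ -isnot [string] }).Count -gt 0) {
        $problems += 'ComputerNames must be a non-empty JSON array of strings.'
    }
    if ($StoreLocation -ne 'LocalMachine') {
        $problems += 'The guide specifies LocalMachine for SSL certificates.'
    }
    if (-not (Test-Path -LiteralPath $CerPathName -PathType Leaf)) {
        $problems += "Cannot read certificate file: $CerPathName"
    } else {
        try { $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CerPathName }
        catch { $problems += "Not a readable X.509 certificate: $CerPathName" }
    }
    if ($cert) {
        # Heuristic: subject equal to issuer means a root; a CA basic constraint means an intermediate.
        $selfIssued = [Convert]::ToBase64String($cert.SubjectName.RawData) -ceq
                      [Convert]::ToBase64String($cert.IssuerName.RawData)
        $bc = $cert.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension] }
        $expected = if ($selfIssued) { 'Root' } elseif ($bc -and $bc.CertificateAuthority) { 'CA' } else { 'MY' }
        if ($expected -ne $StoreName) {
            $problems += "Certificate looks like it belongs in '$expected' but StoreName is '$StoreName'."
        }
        if ($cert.NotAfter -lt (Get-Date)) { $problems += "Certificate expired on $($cert.NotAfter)." }
        $thumbprint = $cert.Thumbprint
    }
    [pscustomobject]@{ Ok = ($problems.Count -eq 0); Thumbprint = $thumbprint
                       Computers = $names; Problems = $problems }
}

# Constructed sample values; "LAB" stands in for the <Prefix> placeholder.
Test-CerImportInput -CerPathName '\\LABCON01\TCAShare\root.cer' `
    -ComputerNames '["LABAPA01", "LABAPT01"]' -StoreName Root
```

Compare the returned Thumbprint with the value shown in the Certificates snap-in before you start the runbook.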
Step 4: Prepare the le share with the new .pfx certicates
Prerequisites
Before you do this step, make sure that the new certicates are in .pfx le format. If not, you can use the Certicates snap-in
(Certmgr.msc) to convert them. For more information, see the TechNet article Export a certicate with the private key (http://
technet.microsoft.com/library/cc737187(v=ws.10).aspx).
Make sure that you know the password that was used to protect the private key.
Procedure
1 On the Console VM, create a file share; for example, \\<Prefix>CON01\ImportCerts. Make sure that the <Prefix>-System account
has Read/Write permissions.
2 Do either of the following:
If you are using one wildcard certificate for both VMs, and it is registered at the domain level (for example, *.contoso.com), go to
Step 3.
Security