Administrator Guide
• Searches for .pfx files at \\host\share\WebSiteName\VMName\*.pfx
• If it finds no .pfx files at the VM level, it searches \\host\share\WebSiteName\*.pfx
• If it finds no .pfx files at the website level, it searches \\host\share\*.pfx
• If it finds no .pfx files at all, it returns the following error message: Error, no .pfx file
Step 5: Update to the new trusted certification authority certificate on each component virtual machine
You must run a runbook to update to the new, signed certificates for the Windows Azure Pack website services, SMA, and SPF.
1 Create a PowerShell Credential asset. The password for this asset must match the password that was used to protect the private key of the new certificates.
NOTE: If you want to restore a certificate, this password must match the password you used in Step 1.
a In the Windows Azure Pack management portal for administrators, click Automation in the navigation pane.
b On the Automation page, click Assets.
c Click Add Setting, and then in the Add Setting window, click Add Credential.
d In the Credential Type list, click PowerShell Credential.
e In the Name box, type a name for the asset (for example, CertImport), and then click the Next arrow.
f In the User Name box, enter a user name; for example, SMACred. This does not need to be an existing user in the domain, or have any specific permissions.
g In the Password and Confirm Password boxes, type a password. This password must match the password that was used to protect the private key of the certificates that you want to import.
2 Run the Set-SslCertificate runbook to update to the new trusted certification authority certificate. The SSL certificates must be provided as .pfx files, and must include a private key protected by a password. The runbook takes the following parameters:
Table 40. Set-SslCertificate runbook parameters

Input Parameter    Details
ComputerNames      You must specify the computer names in JSON format.
                   • To update the certificates on both VMs, specify:
                     ["<Prefix>APA01", "<Prefix>-APT01"]
                   • To update the certificates on a single VM, specify:
                     ["<Prefix>APA01"] or ["<Prefix>APT01"]
Fileshare          The UNC file share that you created in the previous procedure to store the
                   new .pfx certificates; for example, \\<Prefix>CON01\ImportCerts
PFXCredential      The name of the PowerShell Credential asset that you created in the first
                   step of this procedure; for example, CertImport
NOTE: Each time that you run the runbook, even if the runbook has a status of Completed, make sure that you check the output
for errors.
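The following pre-flight check is an added example, not part of this guide or of the Set-SslCertificate runbook: it repeats the VM-level, website-level, share-level lookup described above and confirms that each .pfx file it finds opens with the password you intend to store in the PowerShell Credential asset and carries a private key. The function names Find-PfxCandidate and Test-PfxPassword, and the WebSiteName and <Prefix> values, are assumptions to replace with your own.

```powershell
# Added example: pre-flight check run by an administrator before starting the runbook.
# Find-PfxCandidate and Test-PfxPassword are hypothetical helper names.
function Find-PfxCandidate {
    param(
        [Parameter(Mandatory)] [string] $Fileshare,     # for example \\<Prefix>CON01\ImportCerts
        [Parameter(Mandatory)] [string] $WebSiteName,   # placeholder folder name
        [Parameter(Mandatory)] [string] $VMName         # for example <Prefix>APA01
    )
    # Same fallback order the guide describes: VM level, website level, share root.
    $levels = @(
        (Join-Path (Join-Path $Fileshare $WebSiteName) $VMName),
        (Join-Path $Fileshare $WebSiteName),
        $Fileshare
    )
    foreach ($dir in $levels) {
        $found = @(Get-ChildItem -Path $dir -Filter *.pfx -File -ErrorAction SilentlyContinue)
        if ($found.Count -gt 0) { return $found }   # the first level with a .pfx wins
    }
    throw "No .pfx file found under $Fileshare for $WebSiteName\$VMName"
}

function Test-PfxPassword {
    param(
        [Parameter(Mandatory)] [System.IO.FileInfo] $Pfx,
        [Parameter(Mandatory)] [securestring] $Password
    )
    $type = 'System.Security.Cryptography.X509Certificates.X509Certificate2'
    try {
        # Opening the file fails if the password does not match the one protecting it.
        $cert = New-Object -TypeName $type -ArgumentList $Pfx.FullName, $Password
    } catch {
        return [pscustomobject]@{ File = $Pfx.FullName; Opens = $false; HasPrivateKey = $false; NotAfter = $null }
    }
    $result = [pscustomobject]@{
        File = $Pfx.FullName; Opens = $true
        HasPrivateKey = $cert.HasPrivateKey; NotAfter = $cert.NotAfter
    }
    $cert.Reset()   # release the loaded certificate and its key handle
    return $result
}

# Placeholder values (assumptions); the password is never written to disk or the console.
$pw = Read-Host -AsSecureString 'Password that protects the .pfx private key'
Find-PfxCandidate -Fileshare '\\<Prefix>CON01\ImportCerts' -WebSiteName 'WebSiteName' -VMName '<Prefix>APA01' |
    ForEach-Object { Test-PfxPassword -Pfx $_ -Password $pw }
```

Any row with Opens or HasPrivateKey set to False points to a file or password that does not meet the runbook's stated requirements.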
Step 6: Secure the shares that you created
You should take steps to secure the shares where you stored the certificate information. Or, alternately, you can remove sharing completely, if so desired.
You can now: