Administrator Guide

In each root-level folder, there is a second-level folder named after the VM on which the certificate is installed. This folder
contains the following files:
- The exported .pfx file
- A JavaScript Object Notation (JSON) representation of the certificate (.json file)
- A text file where you can view the certificate subject name, expiration date, and other information.
Step 2: Obtain certicates from a trusted certication authority and copy
the .cer les to a share
1 If you have not already done so, obtain one or more certificates from a trusted certification authority, as described in Obtain a Certificate on
the Microsoft website.
2 On the Console VM, follow the same procedure that you used earlier to create a UNC file share for the trusted certification
authority .cer files. For example, create a file share that is named \\<Prefix>CON01\TCAShare. Make sure that the <Prefix>-System
account has Read/Write permissions.
3 Copy the certificate (.cer) file or files to the share location.
NOTE: There may be both a root certification authority certificate and an intermediate certification
authority certificate.
Step 3: Import the trusted root and intermediate certification authority .cer files to establish the certificate chain on each VM
This step establishes the correct certificate chain of trust on each VM. A certificate chain consists of all the certificates that are needed to
certify the subject that is identified by the end certificate. For example, an intermediate certification authority certificate is linked to a root
certification authority certificate. To view the certificate chain, open the Certificates snap-in (Certmgr.msc), double-click the certificate,
and then click the Certification Path tab.
1 In the Windows Azure Pack management portal for administrators, click Automation, and then click Runbooks.
Depending on the number of certificates you have, and the certificate chain, you may have to run this runbook multiple times.
For example, say you have one wildcard certificate that is registered at the domain level that you want to use for all sites on both VMs.
It has an intermediate certification authority certificate and a root certification authority certificate. In this case, you would run the
runbook two times.
First, specify the share path of the root .cer file in CerPathName, and Root for StoreName in one run.
Second, specify the share path of the intermediate .cer file for CerPathName, and CA as StoreName in the second run.
2 When you run the runbook, specify the following parameters:
Table 38. Runbook Parameters

Input Parameter    Details
CerPathName        The full path and file name where you saved the Internet Security Certificate (.cer) file in Step 2; for example, \\<Prefix>CON01\TCAShare\filename.cer
ComputerNames      You must specify the computer names in JSON format.
                   To import the .cer file to both VMs, specify: ["<Prefix>APA01", "<Prefix>-APT01"]
                   To import the .cer file to a single VM, specify: ["<Prefix>APA01"] or ["<Prefix>APT01"]
StoreLocation      For SSL certificates, type LocalMachine.
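
A pre-check for the Console VM, added here as an example and not part of the original guide: it reads each .cer file on the share from Step 2, suggests Root or CA for StoreName, and prints the input values for each runbook run. The prefix value PFX is a placeholder, and treating a certificate whose Subject equals its Issuer as the root is a simplifying assumption.

```powershell
# Added example (not from the guide). Run on the Console VM before starting the runbook.
$Prefix = 'PFX'                         # assumption: placeholder for your <Prefix> value
$Share  = "\\${Prefix}CON01\TCAShare"   # share created in Step 2
# VM names as given in the ComputerNames row; adjust them to your actual VM names.
$ComputerNames = ConvertTo-Json -InputObject @("${Prefix}APA01", "${Prefix}APT01") -Compress

# Read every .cer file on the share and record the fields needed to classify it.
$certs = Get-ChildItem -Path $Share -Filter *.cer | ForEach-Object {
    $c = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $_.FullName
    [pscustomobject]@{
        CerPathName = $_.FullName
        Subject     = $c.Subject
        Issuer      = $c.Issuer
        NotAfter    = $c.NotAfter
        Thumbprint  = $c.Thumbprint
        # Assumption: Subject equal to Issuer means a self-issued root; otherwise an intermediate.
        StoreName   = if ($c.Subject -eq $c.Issuer) { 'Root' } else { 'CA' }
    }
}

# List roots first so the runs follow the order the guide describes (root, then intermediate).
foreach ($cert in ($certs | Sort-Object { $_.StoreName -ne 'Root' })) {
    if ($cert.NotAfter -lt (Get-Date)) {
        Write-Warning "$($cert.CerPathName) expired on $($cert.NotAfter); skipping."
        continue
    }
    # Each intermediate should be issued by another certificate that is also on the share.
    if ($cert.StoreName -eq 'CA' -and @($certs.Subject) -notcontains $cert.Issuer) {
        Write-Warning "Issuer of $($cert.Subject) is not on the share; the chain would be incomplete."
    }
    # One object per runbook run, using the input parameter names from Table 38 plus StoreName.
    [pscustomobject]@{
        CerPathName   = $cert.CerPathName
        ComputerNames = $ComputerNames
        StoreLocation = 'LocalMachine'
        StoreName     = $cert.StoreName
        Thumbprint    = $cert.Thumbprint   # compare with the value published by the CA
    }
}
```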
130 Security