Introduction

During a restore operation, the SecureAuth Backup Tool restores the X.509 v3 certificates associated with the installation. If restoration is done on a different SecureAuth IdP Appliance, then you will need to assign the proper privileges to the certificate(s) private key. Use the instructions below to set the proper privileges.

Discussion

Run the Certificate Manager

Use the Certificate Manager to view the private key of the certificate.

Windows Server 2008
  • Click Start and enter certmgr.msc into the Search box. Then press Enter.
Windows Server 2012/2012 R2
  • From the Desktop, click the Windows Explorer icon on the Taskbar.
  • In the address bar, type certmgr.msc and press Enter.

 

Assign the Correct Privileges
  1. In the Certificate Console, expand Console Root > Certificates (Local Computer) > Personal > Certificates. Right-click the certificate you would like to work with.
  2. From the menu, select All Tasks > Manage Private Keys....
  3. In the Permissions window under the section Group or user names, highlight the entry Account Unknown and click Remove.
  4. In the Select Users or Groups window, click Locations... and ensure the location is the local machine and not the Active Directory Domain.
  5. In the Enter the object names to select section, enter Network Service and click Check Names.

     Info: SAML Signing Certificate

     If this certificate is used as a SAML Signing Certificate you will need to add an additional account. In the Enter the object names to select section, enter Authenticated Users and click Check Names.

  6. Verify that your settings are correct and click OK to confirm the changes.
  7. In the Permissions window under the section Group or user names, highlight the entry NETWORK SERVICE and uncheck the Allow check box next to Full Control.

     Tip

     If this is a SAML Signing Certificate repeat the same process with the Authenticated Users entry as well.

  8. Verify that your settings are correct and click OK to confirm the changes.
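
The same private-key ACL can be audited, and optionally corrected, from an elevated PowerShell session. This is an added example, not part of the original SecureAuth page or any SecureAuth tooling; the -Thumbprint, -SamlSigning and -Apply parameters are hypothetical names. It assumes an RSA key held by a software provider and that the intended end state of removing Full Control is Read-only access.

```powershell
# Added example, not vendor code. Assumes PowerShell 3.0+, .NET Framework 4.6+,
# an RSA key stored by a software provider, and an elevated session.
param(
    [Parameter(Mandatory = $true)] [string] $Thumbprint,  # thumbprint of the restored certificate
    [switch] $SamlSigning,   # also grant Authenticated Users, per the SAML note
    [switch] $Apply          # without -Apply the script only reports
)

$cert = Get-Item -Path "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction Stop
$rsa  = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
if ($null -eq $rsa) { throw "No RSA private key is associated with $Thumbprint." }

# The unique container name is also the name of the key file on disk.
if ($rsa -is [System.Security.Cryptography.RSACng]) {
    $unique = $rsa.Key.UniqueName
} else {
    $unique = $rsa.CspKeyContainerInfo.UniqueKeyContainerName
}
$keyFile = 'Microsoft\Crypto\Keys', 'Microsoft\Crypto\RSA\MachineKeys' |
    ForEach-Object { Join-Path $env:ProgramData (Join-Path $_ $unique) } |
    Where-Object { Test-Path -Path $_ } | Select-Object -First 1
if (-not $keyFile) { throw "Key file for container '$unique' not found." }

$acl     = Get-Acl -Path $keyFile
$sidType = [System.Security.Principal.SecurityIdentifier]
foreach ($rule in $acl.GetAccessRules($true, $false, $sidType)) {
    $sid = $rule.IdentityReference
    try {
        $name = $sid.Translate([System.Security.Principal.NTAccount]).Value
        Write-Output ("{0,-6} {1,-30} {2}" -f $rule.AccessControlType, $name, $rule.FileSystemRights)
    } catch [System.Security.Principal.IdentityNotMappedException] {
        # A SID that does not resolve on this machine; the GUI lists it as "Account Unknown".
        Write-Output "Unresolvable SID (Account Unknown): $sid"
        if ($Apply) { $acl.PurgeAccessRules($sid) }
    }
}

# Well-known SIDs: S-1-5-20 = NETWORK SERVICE, S-1-5-11 = Authenticated Users.
$grant = @('S-1-5-20')
if ($SamlSigning) { $grant += 'S-1-5-11' }
if ($Apply) {
    foreach ($s in $grant) {
        $sid  = New-Object System.Security.Principal.SecurityIdentifier $s
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($sid, 'Read', 'Allow')
        $acl.SetAccessRule($rule)   # replaces any existing Allow entry (e.g. Full Control) with Read (assumed end state)
    }
    Set-Acl -Path $keyFile -AclObject $acl
}
```

Run it once without -Apply to list the current entries, then again with -Apply and confirm the result in the Manage Private Keys dialog.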