Documentation

 

 

Versions Compared

Old Version 2

changes.mady.by.user Ryan Terp

Saved on

compared with

New Version Current

changes.mady.by.user Daralee Ota

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Panel
solid
borderColor#000000
bgColorwhite
titleColorwhite
titleBGColor#000000
borderWidth2
titleApplies toborderStyle
SecureAuth IdP
Panel
borderColor#444443
bgColorwhite
titleColorwhite
titleBGColor#444443
titleIntroduction
borderStylesolid

During a restore operation, the SecureAuth Backup Tool will restore restores the x.509 v3 certificates associated with the installation. If restoration was is done on a different SecureAuth IdP Appliance, then you will need to assign the proper privileges to the certificate(s) private key. The Use the instructions below will guide you through setting to set the proper privileges.

Panel
borderColor#444443
bgColorwhite
titleColorwhite
titleBGColor#444443
borderWidth1
titleApplies to
borderStylesolid
SecureAuth IdP
solid
Panel
borderColor#135570
bgColorwhite
titleColorwhite
titleBGColor#135570
titleDiscussion
borderStylesolid
borderColor#116490
bgColorwhite
titleColorwhite
titleBGColor#116490
titleAdditional Panel
borderStyle
Run the Certificate Manager

To Use the Certificate Manager to view the private key of the certificate you will need to use the Certificate Manager.

Windows Server 2008
  • Click the Start button, type Start and enter certmgr.msc into the Search box, and . Then press the Enter key.
Windows Server 2012/2012 R2
  • From the Desktop, Click click the Windows Explorer icon on the Taskbar.
  • In the address bar, type certmgr.msc and press Enter.
 
Assign the Correct Privileges
1)
  1. In the Certificate Console, expand the nodes Console Root
  1. > Certificates (Local Computer)
  1. > Personal
→ Certificates and right
  1. > Certificates.
     
  2. Right-click the certificate you would like to work with.
    Image Modified
2)
  1. From the
resulting contextual
  1. menu
choose
  1. , select All Tasks
  1. > Manage Private Keys....
    Image Modified
3)
  1. In the Permissions window under the section Group or user names, highlight the entry Account Unknown
,
  1. and click
the
  1. Remove
button
  1. .
    Image Modified
4)
  1. In the Select Users or Groups window, click
the
  1. Locations...
button
  1. and ensure the location is the local machine and not the Active Directory Domain. 
5)

  1. In the Enter the object names to select section

type

  1. , enter Network Service and click

the

  1. CheckNames.

    Info
    titleSAML Signing Certificate

    If this certificate is used as a SAML Signing Certificate

then in

  1. you will need to add an additional account. In the Enter the object names to select section

type

  1. , enter Authenticated Users and click

the

  1. Check Names

button

  1. .

6) Review
  1. Verify that your settings
to ensure they
  1. are correct and click
the
  1. OK
button
  1. to confirm the changes.

 

Panel
  1. Image Added

  2. In the Permissions window under the section Group or user names, highlight the entry NETWORK SERVICE and uncheck the Allow check box next to Full Control.

    Tip

    If this is a SAML Signing Certificate repeat the same process with the Authenticated Users entry as well.

    Image Added

  3. Verify that your settings are correct and click OK to confirm the changes.