Say you want to accelerate MAPI encrypted traffic / CIFS signed with BR6.0? Well, first you'll need to attach the appliance "server side" in your area (see the guide section 4.19 of the user), then you'll need a traffic tunnel between your repeater units . You have your two devices BR ready to go, an encryption license installed -. All you're missing are certificates
CTX128920 take you through the process from opening the key store to establish the secure tunnel between the devices. At the bottom of the article you will also find the commands needed to create certificates using OpenSSL (http://www.openssl.org/).
Let's also say you put in the time and efforts to get a new shiny Windows certification authority goes, so of course you'll want to use the certificates it issues!
Get the CA certificate
First you must ensure that your Repeaters trusted certs issued by your CA to obtain a CERT CA:
DER will ...
client and server certificate
then we need a client certificate: come home CertSrv, "Request a certificate "and then to the advanced certificate request
There are three parameters that you need to change
- name
- certificate type
- Mark keys as exportable
the name itself is not important, but it will help you find the right certificate later. The other information is irrelevant ... leave the fields blank if you want.
Make sure you select the right type:
And - most importantly - check the
Click on the submit button, then just install the certificate.
Now, repeat the process with the only difference in the selection of the type "server authentication certificate."
Open the MMC, add Certificates snap them to "My account", find the certs in Personal Certificates> (here's where the name came to application is very convenient if you have many more certs in the same store).
export them, making sure that you export the private key as well.
Finish setup
You should now have three files, one CA certificate (* .cer ), a server cert and a client certificate (both * .pfx) that include their private keys. When you import as shown in http://support.citrix.com/article/CTX128920, make sure you select "Combined Certificate / Private Key Enter."
Import the CA cert for both tutors and the Client certificate and cert server to another. Configure the remaining tunnel parameters secured by the article, then sit back and admire your achievement proudly.
Cheers,
Chris
0 Komentar