Configuring File Access Manager to Use Local Certificates
File Access Manager uses a self-signed certificate for each of the services.
You can configure the system to use your own trusted certificates, using the procedure described in this chapter. To be trusted, server certificates must conform to the following guidelines:
- Certificates are signed by a Certificate Authority (CA), trusted by all servers in the organization, whether the CA is commercial or in-house.
- Certificates are issued to each server hosting one of the WCF hosting services (as described below).
- The certificate's Common Name (CN) should be the Fully Qualified Domain Name (FQDN) of the server.
- The certificate's Subject Alternative Name (DNS) should be the short name (NetBIOS) of the server.
- The certificate must have the following extensions defined:
  - Key Usage: Digital Signature, Key Encipherment.
  - Enhanced Key Usage: Server Authentication, Client Authentication.
The certificate may have other key usages, but it must have at least those mentioned above.
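
The following PowerShell script is an added example, not part of the File Access Manager documentation: it checks every certificate with a private key in the local machine store against the guidelines above. The store path, the way the FQDN and short name are derived, and the function name `Test-GuidelineCertificate` are assumptions.

```powershell
# Added example. Assumptions: certificates live in LocalMachine\My, and the
# FQDN / short name defaults below resolve correctly on this server.
param(
    [string]$Fqdn      = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName,
    [string]$ShortName = $env:COMPUTERNAME,
    [string]$StorePath = 'Cert:\LocalMachine\My'
)

$RequiredKu  = [System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]'DigitalSignature, KeyEncipherment'
$RequiredEku = '1.3.6.1.5.5.7.3.1', '1.3.6.1.5.5.7.3.2'   # Server Authentication, Client Authentication

function Test-GuidelineCertificate {   # hypothetical helper name
    param($Cert, [string]$Fqdn, [string]$ShortName)

    $ku  = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.15' }   # Key Usage
    $eku = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.37' }   # Enhanced Key Usage
    $san = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }   # Subject Alternative Name

    # Format($true) prints one SAN entry per line. "DNS Name=" is the label on
    # English-language Windows (assumption: the label text is localized).
    $sanDns = @()
    if ($san) {
        $sanDns = @($san.Format($true) -split "`r?`n" | ForEach-Object {
            if ($_ -match '^\s*DNS Name=(.+)$') { $Matches[1].Trim() }
        })
    }
    $ekuOids = @()
    if ($eku) { $ekuOids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) }

    [pscustomobject]@{
        Thumbprint    = $Cert.Thumbprint
        CnIsFqdn      = $Cert.GetNameInfo('SimpleName', $false) -eq $Fqdn
        SanHasShort   = $sanDns -contains $ShortName
        # Extra key usages are allowed; only the required bits are tested.
        KeyUsageOk    = $ku -and (($ku.KeyUsages -band $RequiredKu) -eq $RequiredKu)
        EkuOk         = -not ($RequiredEku | Where-Object { $ekuOids -notcontains $_ })
        NotSelfSigned = $Cert.Subject -ne $Cert.Issuer
        # Builds the chain with the default policy on this machine, which
        # includes revocation checking; repeat on the other servers as well.
        ChainTrusted  = $Cert.Verify()
    }
}

Get-ChildItem -Path $StorePath | Where-Object { $_.HasPrivateKey } |
    ForEach-Object { Test-GuidelineCertificate -Cert $_ -Fqdn $Fqdn -ShortName $ShortName } |
    Format-Table -AutoSize
```

A certificate is ready to use only when every column in its row is `True`; `ChainTrusted` reflects the trust store of the machine the script runs on.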