Using Trusted Certificates

Administrators can provide their own certificates for the server services only. To be trusted, server certificates must conform to the following guidelines:

• Certificates are signed by a commercial or in-house CA that is trusted by all servers in the organization.

• Certificates are issued to each server hosting one of the Windows Communication Foundation (WCF) hosting services.

• Certificates include the server name as it is to be used by File Access Manager – whether it is a short name or a Fully Qualified Domain Name (FQDN) in the Subject or in the Subject Alternative Names list.

• At minimum, the certificate must have the following extensions defined:

  • Key Usage: Digital Signature, Key Encryption

  • Enhanced Key Usage: Server Authentication, Client Authentication

Note: See the installation guide for a detailed description on using local certificates for File Access Manager and configuring the website to use SSL.