Export (0) Print
Expand All

Stage 4: Manage DuetRoot certificate in Duet Enterprise for SharePoint and SAP Server 2.0

Duet Online
 

Applies to: Duet Enterprise for Microsoft SharePoint and SAP Server 2.0

Topic Last Modified: 2013-12-18

Summary: Learn how to manage the DuetRoot certificates in Duet Enterprise 2.0, the fourth stage in an installation of Duet Enterprise 2.0 in a SharePoint Server 2013 environment.

This article describes the procedure to manage the root authority certificates in Duet Enterprise for Microsoft SharePoint and SAP Server 2.0.

NoteNote:
You can name these certificates whatever you like, but to help guide you through these procedures, we recommend that you name them DuetRoot.pfx and DuetRoot.cer.

In this article:

You can either create a self-signed DuetRoot.pfx certificate or obtain one from a Certificate Authority.

Do one of the following:

Create a self-signed root certificate by using the DuetConfig.exe -CreateSelfSignedCertificate command. Use this procedure if you want to create a self-signed certificate. This procedure creates a self-signed certificate that is issued by the Duet Root Certificate Authority.

To create the DuetRoot.pfx self-signed certificate
  1. As administrator, open a Windows Command Prompt window.

  2. At the command prompt, navigate to the folder that contains the DuetConfig.exe file. By default, this is the C:\Program files\Duet Enterprise\2.0\ folder.

  3. At the command prompt, type the following command, and then press ENTER:

    DuetConfig - CreateSelfSignedCertificate -Path c:\DuetRoot.pfx -Password

    (If no password is given here, you are prompted to enter one after you press ENTER. If that occurs, enter a password and press ENTER again.) Record this password.

  4. At the command prompt, you receive the following message: Certificate "c:\DuetRoot.pfx" has been generated successfully.

  5. The Duet Enterprise Root certificate is now created and is ready to be configured for use with the Secure Store Service service application.

  6. You are now ready configure the DuetRoot.pfx certificate and create a target application with it in the Secure Store Service service application.

  7. Skip to the Configure the DuetRoot.pfx certificate section below.

If you obtain a certificate from a Certificate Authority for use as the DuetRoot.pfx certificate, it must contain the following:

  • Basic Constraints Extension. This extension is used to indicate that the certificate is a certificate authority.

  • Usage Extensions. These extensions define the purpose of the public key that is contained in the certificate. The following table describes the key usage extensions.

     

    Key Usage Extension Name Description

    KeyCertSign

    The key can be used to sign certificates.

    DataEncipherment

    The key can be used for data encryption.

    KeyEncipherment

    The key can be used for key encryption.

    NonRepudiation

    The key can be used for authentication.

    DigitalSignature

    The key can be used as a digital signature.

NoteNote:
The following procedures in this article assume that the file name of the certificate is DuetRoot.pfx.

Use this procedure to configure the DuetRoot.pfx certificate and create a target application in the Secure Store Service service application.

To configure the DuetRoot.pfx certificate
  1. As administrator, open a Windows Command Prompt window.

  2. At the command prompt, navigate to the folder that contains the DuetConfig.exe file. By default, this is the C:\Program files\Duet Enterprise\2.0\ folder.

  3. At the command prompt, type the following command, and then press ENTER:

    DuetConfig.exe -ConfigureRootCertificate -SecureStoreServiceApplicationName <Name of Secure Store Service Application> -Path <Root Certificate file path> [Password you used when you created the DuetRoot.pfx file]

  4. At the command prompt, you receive the following message: Duet Root certificate has been configured in SecureStore with target application name DuetApp.

  5. For verification, navigate to the Secure Store Service service application page and confirm that the target application DuetApp is shown.

Use this procedure to export the client certificate that you created and configured. After exporting the DuetRoot.pfx certificate as DuetRoot.cer, you must give it to the SAP administrator.

To export the client certificate
  1. As administrator, open a Windows Command Prompt window.

  2. At the command prompt, navigate to the folder that contains the DuetConfig.exe file. By default, this is the C:\Program files\Duet Enterprise\2.0\ folder.

  3. At the command prompt, type the following command, and then press ENTER:

    DuetConfig -ExportRootCertificate -Path c:\DuetRoot.cer

  4. At the command prompt, you receive the following message: Root certificate for Duet is exported successfully to file c:\DuetRoot.cer.

When the DuetRoot.cer certificate is successfully exported, you need to share it with the SAP administrator.

NoteNote:
In the path C:\ there are two DuetRoot certificates. One is listed as type: Security Certificate and one is listed as type: Personal Information. The DuetRoot.pfx is listed as type: Personal Information and the DuetRoot.cer is listed as type: Security Certificate. You will give the DuetRoot.cer certificate that is listed as type: Security Certificate to the SAP administrator.

Give the DuetRoot.cer certificate (type: Security Certificate) file to the SAP administrator.

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft