Export (0) Print
Expand All

Stage 4: Manage DuetRoot certificate in Duet Enterprise for SharePoint and SAP Server 2.0

Duet Online

Published: July 16, 2012

Summary: Learn how to manage the DuetRoot certificates in Duet Enterprise 2.0, the fourth stage in an installation of Duet Enterprise 2.0 in a SharePoint Server 2013 environment.

Applies to:  Duet Enterprise for Microsoft SharePoint and SAP Server 2.0 

This article describes the procedure to manage the root authority certificates in Duet Enterprise for Microsoft SharePoint and SAP Server 2.0.

note Note:

You can name these certificates whatever you like, but to help guide you through these procedures, we recommend that you name them DuetRoot.pfx and DuetRoot.cer.

In this article:

Create or obtain the DuetRoot.pfx certificate

You can either create a self-signed DuetRoot.pfx certificate or obtain one from a Certificate Authority.

Do one of the following:

Create the DuetRoot.pfx self-signed certificate

Create a self-signed root certificate by using the DuetConfig.exe -CreateSelfSignedCertificate command. Use this procedure if you want to create a self-signed certificate. This procedure creates a self-signed certificate that is issued by the Duet Root Certificate Authority.

To create the DuetRoot.pfx self-signed certificate

  1. As administrator, open a Windows Command Prompt window.

  2. At the command prompt, navigate to the folder that contains the DuetConfig.exe file. By default, this is the C:\Program files\Duet Enterprise\2.0\ folder.

  3. At the command prompt, type the following command, and then press ENTER:

    DuetConfig - CreateSelfSignedCertificate -Path c:\DuetRoot.pfx -Password

    (If no password is given here, you are prompted to enter one after you press ENTER. If that occurs, enter a password and press ENTER again.) Record this password.

  4. At the command prompt, you receive the following message: Certificate "c:\DuetRoot.pfx" has been generated successfully.

  5. The Duet Enterprise Root certificate is now created and is ready to be configured for use with the Secure Store Service service application.

  6. You are now ready configure the DuetRoot.pfx certificate and create a target application with it in the Secure Store Service service application.

  7. Skip to the Configure the DuetRoot.pfx certificate section below.

Obtain the DuetRoot.pfx certificate from a Certificate Authority

If you obtain a certificate from a Certificate Authority for use as the DuetRoot.pfx certificate, it must contain the following:

  • Basic Constraints Extension. This extension is used to indicate that the certificate is a certificate authority.

  • Usage Extensions. These extensions define the purpose of the public key that is contained in the certificate. The following table describes the key usage extensions.

    Key Usage Extension Name Description

    KeyCertSign

    The key can be used to sign certificates.

    DataEncipherment

    The key can be used for data encryption.

    KeyEncipherment

    The key can be used for key encryption.

    NonRepudiation

    The key can be used for authentication.

    DigitalSignature

    The key can be used as a digital signature.

note Note:

The following procedures in this article assume that the file name of the certificate is DuetRoot.pfx.

Configure the DuetRoot.pfx certificate

Use this procedure to configure the DuetRoot.pfx certificate and create a target application in the Secure Store Service service application.

To configure the DuetRoot.pfx certificate

  1. As administrator, open a Windows Command Prompt window.

  2. At the command prompt, navigate to the folder that contains the DuetConfig.exe file. By default, this is the C:\Program files\Duet Enterprise\2.0\ folder.

  3. At the command prompt, type the following command, and then press ENTER:

    DuetConfig.exe -ConfigureRootCertificate -SecureStoreServiceApplicationName <Name of Secure Store Service Application> -Path <Root Certificate file path> [Password you used when you created the DuetRoot.pfx file]

  4. At the command prompt, you receive the following message: Duet Root certificate has been configured in SecureStore with target application name DuetApp.

  5. For verification, navigate to the Secure Store Service service application page and confirm that the target application DuetApp is shown.

Export the DuetRoot.pfx certificate as DuetRoot.cer

Use this procedure to export the client certificate that you created and configured. After exporting the DuetRoot.pfx certificate as DuetRoot.cer, you must give it to the SAP administrator.

To export the client certificate

  1. As administrator, open a Windows Command Prompt window.

  2. At the command prompt, navigate to the folder that contains the DuetConfig.exe file. By default, this is the C:\Program files\Duet Enterprise\2.0\ folder.

  3. At the command prompt, type the following command, and then press ENTER:

    DuetConfig -ExportRootCertificate -Path c:\DuetRoot.cer

  4. At the command prompt, you receive the following message: Root certificate for Duet is exported successfully to file c:\DuetRoot.cer.

Share the DuetRoot.cer with the SAP administrator

When the DuetRoot.cer certificate is successfully exported, you need to share it with the SAP administrator.

note Note:

In the path C:\ there are two DuetRoot certificates. One is listed as type: Security Certificate and one is listed as type: Personal Information. The DuetRoot.pfx is listed as type: Personal Information and the DuetRoot.cer is listed as type: Security Certificate. You will give the DuetRoot.cer certificate that is listed as type: Security Certificate to the SAP administrator.

Give the DuetRoot.cer certificate (type: Security Certificate) file to the SAP administrator.

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback
Show:
© 2014 Microsoft