Stage 4: Manage DuetRoot certificate in Duet Enterprise for SharePoint and SAP Server 2.0
Applies to: Duet Enterprise for Microsoft SharePoint and SAP Server 2.0
Summary: Learn how to manage the DuetRoot certificates in Duet Enterprise 2.0, the fourth stage in an installation of Duet Enterprise 2.0 in a SharePoint Server 2013 environment.
This article describes the procedure to manage the root authority certificates in Duet Enterprise for Microsoft SharePoint and SAP Server 2.0.
Note
You can name these certificates whatever you like, but to help guide you through these procedures, we recommend that you name them DuetRoot.pfx and DuetRoot.cer.
In this article:
Create or obtain the DuetRoot.pfx certificate
Configure the DuetRoot.pfx certificate
Export the DuetRoot.pfx certificate as DuetRoot.cer
Share the DuetRoot.cer with the SAP administrator
Create or obtain the DuetRoot.pfx certificate
You can either create a self-signed DuetRoot.pfx certificate or obtain one from a Certificate Authority.
Do one of the following:
Create the DuetRoot.pfx self-signed certificate.
Obtain the DuetRoot.pfx certificate from a Certificate Authority.
Create the DuetRoot.pfx self-signed certificate
Use this procedure if you want to create a self-signed root certificate. The DuetConfig.exe -CreateSelfSignedCertificate command creates a self-signed certificate that is issued by the Duet Root Certificate Authority.
To create the DuetRoot.pfx self-signed certificate
As administrator, open a Windows Command Prompt window.
At the command prompt, navigate to the folder that contains the DuetConfig.exe file. By default, this is the C:\Program files\Duet Enterprise\2.0\ folder.
At the command prompt, type the following command, and then press ENTER:
DuetConfig -CreateSelfSignedCertificate -Path c:\DuetRoot.pfx -Password
(If no password is given here, you are prompted to enter one after you press ENTER. If that occurs, enter a password and press ENTER again.) Record this password.
At the command prompt, you receive the following message: Certificate "c:\DuetRoot.pfx" has been generated successfully.
The Duet Enterprise Root certificate is now created and is ready to be configured for use with the Secure Store Service service application.
You are now ready to configure the DuetRoot.pfx certificate and create a target application with it in the Secure Store Service service application.
Skip to the Configure the DuetRoot.pfx certificate section below.
Obtain the DuetRoot.pfx certificate from a Certificate Authority
If you obtain a certificate from a Certificate Authority for use as the DuetRoot.pfx certificate, it must contain the following:
Basic Constraints Extension. This extension is used to indicate that the certificate is a certificate authority.
Usage Extensions. These extensions define the purpose of the public key that is contained in the certificate. The following table describes the key usage extensions.
Key Usage Extension Name    Description
KeyCertSign                 The key can be used to sign certificates.
DataEncipherment            The key can be used for data encryption.
KeyEncipherment             The key can be used for key encryption.
NonRepudiation              The key can be used for authentication.
DigitalSignature            The key can be used as a digital signature.
Note
The following procedures in this article assume that the file name of the certificate is DuetRoot.pfx.
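Before you configure a certificate obtained from a Certificate Authority, you can check it against the requirements listed above. The following PowerShell is an added example, not part of Duet Enterprise or of the original article; Test-DuetRootCandidate is a hypothetical helper name, and the path C:\DuetRoot.pfx follows the naming used in this article.

```powershell
# Added example: checks a PFX file for the Basic Constraints and key usage
# extensions that this article requires. Test-DuetRootCandidate is a
# hypothetical helper name, not a Duet Enterprise command.
function Test-DuetRootCandidate {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [Parameter(Mandatory = $true)][System.Security.SecureString]$Password
    )
    $x509 = 'System.Security.Cryptography.X509Certificates'
    # For a PFX file, this loads the certificate that carries the private key.
    $cert = New-Object "$x509.X509Certificate2" -ArgumentList $Path, $Password
    $problems = @()

    # Basic Constraints (OID 2.5.29.19) must mark the certificate as a CA.
    $bc = $cert.Extensions['2.5.29.19']
    if ($null -eq $bc) {
        $problems += 'Basic Constraints extension is missing'
    } elseif (-not $bc.CertificateAuthority) {
        $problems += 'Basic Constraints does not indicate a certificate authority'
    }

    # Key Usage (OID 2.5.29.15) must include every usage from the table.
    $required = 'KeyCertSign', 'DataEncipherment', 'KeyEncipherment',
                'NonRepudiation', 'DigitalSignature'
    $ku = $cert.Extensions['2.5.29.15']
    if ($null -eq $ku) {
        $problems += 'Key Usage extension is missing'
    } else {
        foreach ($name in $required) {
            $flag = [int][System.Security.Cryptography.X509Certificates.X509KeyUsageFlags]$name
            if (([int]$ku.KeyUsages -band $flag) -ne $flag) {
                $problems += "Key usage $name is not set"
            }
        }
    }

    New-Object PSObject -Property @{
        Subject    = $cert.Subject
        Thumbprint = $cert.Thumbprint
        NotAfter   = $cert.NotAfter
        Problems   = $problems
        Ok         = ($problems.Count -eq 0)
    }
}

# Prompt for the password so that it does not appear on the command line.
$pfxPassword = Read-Host -Prompt 'DuetRoot.pfx password' -AsSecureString
Test-DuetRootCandidate -Path 'C:\DuetRoot.pfx' -Password $pfxPassword
```

An empty Problems list (Ok is True) means the certificate carries all of the extensions described in this section.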
Configure the DuetRoot.pfx certificate
Use this procedure to configure the DuetRoot.pfx certificate and create a target application in the Secure Store Service service application.
To configure the DuetRoot.pfx certificate
As administrator, open a Windows Command Prompt window.
At the command prompt, navigate to the folder that contains the DuetConfig.exe file. By default, this is the C:\Program files\Duet Enterprise\2.0\ folder.
At the command prompt, type the following command, and then press ENTER:
DuetConfig.exe -ConfigureRootCertificate -SecureStoreServiceApplicationName <Name of Secure Store Service Application> -Path <Root Certificate file path> [Password you used when you created the DuetRoot.pfx file]
At the command prompt, you receive the following message: Duet Root certificate has been configured in SecureStore with target application name DuetApp.
For verification, navigate to the Secure Store Service service application page and confirm that the target application DuetApp is shown.
Export the DuetRoot.pfx certificate as DuetRoot.cer
Use this procedure to export the client certificate that you created and configured. After exporting the DuetRoot.pfx certificate as DuetRoot.cer, you must give it to the SAP administrator.
To export the client certificate
As administrator, open a Windows Command Prompt window.
At the command prompt, navigate to the folder that contains the DuetConfig.exe file. By default, this is the C:\Program files\Duet Enterprise\2.0\ folder.
At the command prompt, type the following command, and then press ENTER:
DuetConfig -ExportRootCertificate -Path c:\DuetRoot.cer
At the command prompt, you receive the following message: Root certificate for Duet is exported successfully to file c:\DuetRoot.cer.
Share the DuetRoot.cer with the SAP administrator
When the DuetRoot.cer certificate is successfully exported, you need to share it with the SAP administrator.
Note
In the path C:\ there are two DuetRoot certificates. One is listed as type: Security Certificate and one is listed as type: Personal Information. The DuetRoot.pfx is listed as type: Personal Information and the DuetRoot.cer is listed as type: Security Certificate. You will give the DuetRoot.cer certificate that is listed as type: Security Certificate to the SAP administrator.
Give the DuetRoot.cer certificate (type: Security Certificate) file to the SAP administrator.
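Because the two files sit side by side in C:\, you can confirm which one you are about to hand over. The following PowerShell is an added example, not part of Duet Enterprise or of the original article; Compare-DuetRootExport is a hypothetical helper name, and the check assumes that DuetRoot.cer is the public part of the same certificate that DuetRoot.pfx holds.

```powershell
# Added example: confirms that the file for the SAP administrator is a plain
# certificate (no private key) and matches the configured PFX.
# Compare-DuetRootExport is a hypothetical helper name.
function Compare-DuetRootExport {
    param(
        [Parameter(Mandatory = $true)][string]$CerPath,
        [Parameter(Mandatory = $true)][string]$PfxPath,
        [Parameter(Mandatory = $true)][System.Security.SecureString]$PfxPassword
    )
    $type = [System.Security.Cryptography.X509Certificates.X509Certificate2]

    # Inspect the file format itself: 'Cert' is a public certificate,
    # 'Pfx' would mean the private key container was picked by mistake.
    $contentType = $type::GetCertContentType($CerPath)
    if ($contentType -ne 'Cert') {
        throw "$CerPath has content type '$contentType'; do not share this file."
    }

    $cer = New-Object $type.FullName -ArgumentList $CerPath
    $pfx = New-Object $type.FullName -ArgumentList $PfxPath, $PfxPassword

    New-Object PSObject -Property @{
        CerContentType   = $contentType
        CerHasPrivateKey = $cer.HasPrivateKey                     # expected: False
        SameCertificate  = ($cer.Thumbprint -eq $pfx.Thumbprint)  # expected: True
        Thumbprint       = $cer.Thumbprint
    }
}

# Prompt for the password so that it does not appear on the command line.
$pfxPassword = Read-Host -Prompt 'DuetRoot.pfx password' -AsSecureString
Compare-DuetRootExport -CerPath 'C:\DuetRoot.cer' -PfxPath 'C:\DuetRoot.pfx' -PfxPassword $pfxPassword
```

The SAP administrator can compare the reported Thumbprint with the thumbprint of the file they receive to confirm that it arrived unchanged.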
See also
Install Duet Enterprise for SharePoint and SAP Server 2.0
Install and configure Duet Enterprise for SharePoint and SAP Server 2.0