Introduction

This section lists the certificate process for ECF.

Since the HTTPS port is a mandatory setting for ECF Web Server in IA, a server-type certificate must be installed on the server. And depending on your selected ECF Web Server settings, other certificates are also required.

1. Generate a certificate request for the server with the OID value 1.3.6.1.5.5.7.3.1.

   To secure communication between ECF Web Server and Restful Interfaces, add the IP addresses of both ECF VU and RI VU to both ECF and RI certificate request extensions, see example in the installation of Embedded Communications Framework (ECF).

2. Acquire the certificate.

3. Receive and install the certificate. To secure communication between ECF Web Server and Restful Interfaces, enter the certificate to Java home.

4. Verify the certificate.

5. Choose the correct procedures:

   • If you choose ECF Web Server variables > Server Connection Security > Tomcat Connector Type > ARP/Native Connector, define ARP/Native Settings and create pem certificate files for APR.

   • If you choose ECF Web Server variables > Server Connection Security > Tomcat Connector Type > Java Non Blocking Connector, you must choose Keystore Type:

     • For Java Keystore file, define Keystore Settings and Java Keystore Settings and generate a Keystore.

     • For Windows Personal Certificate, define Keystore Settings and configure Windows certificates. Note that the certificate must be installed into Personal Certificates of the user who is used when the HAC service is run. Certificate key enhanced usage must contain Server Authentication (1.3.6.1.5.5.7.3.1).

       Note:

       As of 1702 Windows keystore is supported in Microsoft Windows Server 2012, and later versions only.

   • If you use a certificate to authenticate users:

     • For Keystore, generate a Truststore.

     • For Windows, configure Windows certificates.