Protecting Certificate Private Keys
You must change the security settings of the Ecfs_keystore and Ecfcert_key.pem files because only Administrators (HAC Administration User belongs to this group) and SYSTEM can have access to these files.
-
Right-click Ecfs_keystore and choose .
-
Click Disable inheritance and choose Convert inherited permissions into explicit permissions on this object.
-
Then choose Users and any other groups or individual users that may be in the Permission entries list and click Remove.
Only Administrators and SYSTEM should be in the list.
-
Perform the same tasks on the Ecfcert_key.pem file.
You must also remove the temporary files mycert.cer and ecfcert.pfx that are generated during certificate creation.