Protecting Certificate Private Keys

You must change the security settings of the Ecfs_keystore and Ecfcert_key.pem files so that only Administrators (the HAC Administration User belongs to this group) and SYSTEM have access to these files.

  1. Right-click Ecfs_keystore and choose Properties > Security > Advanced.

  2. Click Disable inheritance and choose Convert inherited permissions into explicit permissions on this object.

  3. Select Users and any other groups or individual users that appear in the Permission entries list, and click Remove.

    Only Administrators and SYSTEM should be in the list.

  4. Perform the same tasks on the Ecfcert_key.pem file.

You must also remove the temporary files mycert.cer and ecfcert.pfx that are generated during certificate creation.
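
The same procedure scripted in PowerShell, with a check that fails if any other identity keeps access. This is an added example, not part of the original documentation. `$KeyDir` and `$TempDir` are placeholders because the page does not say where the files are stored, and the script assumes an elevated session and that both protected objects are files.

```powershell
param(
    [Parameter(Mandatory)] [string] $KeyDir,   # placeholder: folder holding the key files
    [string] $TempDir = $KeyDir                # assumption: temporary files are in the same folder
)
$ErrorActionPreference = 'Stop'

# Well-known SIDs, so the script does not depend on localized group names.
$allowedSids = @(
    'S-1-5-32-544',   # BUILTIN\Administrators
    'S-1-5-18'        # NT AUTHORITY\SYSTEM
)
$sidType = [System.Security.Principal.SecurityIdentifier]

foreach ($name in 'Ecfs_keystore', 'Ecfcert_key.pem') {
    $path = Join-Path $KeyDir $name

    # Step 2: disable inheritance and convert inherited entries to explicit ones.
    $acl = Get-Acl -LiteralPath $path
    $acl.SetAccessRuleProtection($true, $true)
    Set-Acl -LiteralPath $path -AclObject $acl

    # Step 3: remove every entry that is not Administrators or SYSTEM.
    $acl = Get-Acl -LiteralPath $path
    $extra = @($acl.GetAccessRules($true, $false, $sidType) |
        Where-Object { $_.IdentityReference.Value -notin $allowedSids })
    foreach ($rule in $extra) {
        $acl.PurgeAccessRules($rule.IdentityReference)
    }
    Set-Acl -LiteralPath $path -AclObject $acl

    # Check: re-read the ACL and stop if anything unexpected is still listed.
    $left = @((Get-Acl -LiteralPath $path).GetAccessRules($true, $true, $sidType) |
        Where-Object { $_.IdentityReference.Value -notin $allowedSids })
    if ($left.Count -gt 0) {
        throw "Unexpected ACL entries on ${path}: $($left.IdentityReference.Value -join ', ')"
    }
    Write-Output "OK: $path is restricted to Administrators and SYSTEM"
}

# Remove the temporary files generated during certificate creation.
foreach ($name in 'mycert.cer', 'ecfcert.pfx') {
    $tmp = Join-Path $TempDir $name
    if (Test-Path -LiteralPath $tmp) {
        Remove-Item -LiteralPath $tmp -Force
        Write-Output "Removed $tmp"
    }
}
```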