Any Storage Platform can serve the Redstor-signed security certificate as well as one or more CA-signed certificates of your choice. If a certificate has the correct host name and is located in the Windows Certificate Store, the Redstor AccountServer will automatically serve it to any browser-based connection. This means that your browser will no longer present a security warning when you open a Redstor Pro report over HTTPS.
To enable support for an additional certificate:
1. Install the CA-provided certificate that should be served into the Local Machine certificate store.
- Run "CertLM.msc".
- Import the certificate into the personal certificate store.
Note: Security best practices dictate that when the certificate is imported, the option to Allow private key to be exported should not be enabled.
2. Configure the AccountServer/StorageServer to serve the CA-provided certificate by navigating to the following address in a web browser (replacing <accountServer> with the correct address):
https://<accountServer>/api/system/settings?UseTrustedCertificates=true
After that, the server will serve any valid (non-expired) certificate from the certificate store if it matches the address that a user’s browser is connecting to.
Note:
- ESE Agents will still receive the Redstor-supplied platform certificate.
- Third-party tools may or may not receive the CA-provided certificate, depending on the details of the protocol they use to connect. Most modern browsers (including on iOS & Android) will receive the CA-provided certificate.
Comments
0 comments
Please sign in to leave a comment.