During installation of various Luware components you can opt in to the "Configure Certificate Security" options. In these dialogs the certificate thumbprints need to be provided.

Also read the official Microsoft documentation on this topic.

To find the thumbprint of a certificate, use the Microsoft Management Console (MMC) to open the certificate and then read its thumbprint in the properties.

  1. Open the Start Menu, type mmc and press ENTER.
  2. In the Console add a certificate snap-in:
    1. On the File menu, click Add/Remove Snap In (or press Ctrl+N)
    2. In the Add or remove Snap-ins dialog box, select Certificates.
    3. Click Add.
      → the entry is moved to selected snap-ins.
    4. In the Certificates snap-in dialog box, select "Computer account" and click "Next"
    5. In the Select Computer dialog box select "Local Computer" and click Finish
    6. In the Add or remove Snap-ins dialog box, click OK.
      → The window is closed

  3. In the Console Root window, expand Certificates (Local Computer) > Personal > Certificates
    1. In the central panel, double-click the certificate.
    2. In the Certificate dialog box select the Details tab.
    3. Select Thumbprint in the list and copy the thumbprint hexadecimal string.
    4. Encode the copied string in ANSI (use Notepad++) and remove the hidden characters at the start of the string.

      This string is to be used during installation of Luware components.



Configure Certificate during LUCS Components Installation

One of the requirements for building a service-oriented system is to protect the transmitted data. To guarantee the safety of this data, Luware products can use certificate-based encryption and verification for the communication between a client and a server. The client identifies itself with this certificate. The service accesses the server to confirm the authenticity of the certificate and, by extension, the client.

Certificate Setup during Installation

The certificate security can be configured during installation of Luware components and services. There are two sets of settings that can be configured:

  • Server settings: The server settings specify which settings the service will use to validate other services when they try to reach this service.
  • Client settings: The client settings specify which settings the service will use while connecting to other services.

To configure certificate security, select the 'Configure Certificate Security' flag during installation. When you click 'Next' with this flag enabled, an extra step is presented with the following options:

Control Name: Mode
Required?: No
Description:
  • None: No security is applied during the communication between a server and a client.
  • Transport: Enables security of communication between a client and a service via network protocol. Guarantees confidentiality and integrity of messages at transport level, since transport security secures the entire communication channel.

Control Name: Validation Mode
Required?: No
Description:
  • None: No validation is performed.
  • ChainTrust: In this mode WCF simply validates the certificate against the issuer of a certificate known as a root authority (the expiration time is checked, too).
  • PeerTrust: In this mode WCF simply checks if the incoming certificate is installed in the Local Machine\Personal folder in the certificate store (the expiration time is checked, too).
  • PeerOrChainTrust: Mixed mode.

Control Name: Is Dedicated
Required?: No
Description:
  • False: Encryption is done with the default certificate. This means that the certificate with the hostname of the machine from the Personal Store is used on the server side.
  • True: Encryption is done with a dedicated certificate. This means an identifier (thumbprint) of the certificate can be configured.

Control Name: Thumbprint
Required?: No
Description: A certificate thumbprint is a hexadecimal string that uniquely identifies a certificate. A thumbprint is calculated from the content of the certificate using a thumbprint algorithm.

→ This is to be generated via Microsoft Management Console. Read more about it on the "Retrieve Thumbprint of a Certificate" page from Microsoft.

Important Notes

When copied from the source, the thumbprint is Unicode-encoded, but you need it in plain ASCII. Notepad++ or any equivalent editor is a great help to convert it.

Don't forget to set up permissions for the certificate private key so that the service account can access it.
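
The cleanup described in step 3.4 and in the Important Notes can also be scripted. The PowerShell below is an added example, not Luware's or Microsoft's code; the function names and the sample thumbprint are constructed for illustration. It strips whitespace and hidden Unicode characters from a pasted thumbprint, validates the result, and looks it up in the Local Computer Personal store.

```powershell
# Added example. ConvertTo-CleanThumbprint and Get-ThumbprintStatus are
# hypothetical helper names, not part of any Luware or Microsoft tooling.

function ConvertTo-CleanThumbprint {
    param([Parameter(Mandatory)][string]$Pasted)
    # Drop whitespace and invisible Unicode format characters (category Cf),
    # such as a U+200E mark in front of a value copied from the Details tab.
    $clean = ($Pasted -replace '[\s\p{Cf}]', '').ToUpperInvariant()
    # The Windows certificate store shows the SHA-1 thumbprint: 40 hex digits.
    # Anything else (for example a '?' left by a lossy ANSI save) is rejected.
    if ($clean -notmatch '^[0-9A-F]{40}$') {
        throw "Not a 40-digit hexadecimal thumbprint after cleaning: '$clean'"
    }
    return $clean
}

function Get-ThumbprintStatus {
    param([Parameter(Mandatory)][string]$Pasted)
    $thumb = ConvertTo-CleanThumbprint -Pasted $Pasted
    # Certificates (Local Computer) > Personal is the LocalMachine\My store.
    $path = "Cert:\LocalMachine\My\$thumb"
    if (-not (Test-Path -LiteralPath $path)) {
        return [pscustomobject]@{ Thumbprint = $thumb; Found = $false }
    }
    $cert = Get-Item -LiteralPath $path
    [pscustomobject]@{
        Thumbprint    = $thumb
        Found         = $true
        Subject       = $cert.Subject
        NotAfter      = $cert.NotAfter
        Expired       = $cert.NotAfter -lt (Get-Date)
        # True only means a private key is associated with the certificate;
        # it does not show that the service account is permitted to read it.
        HasPrivateKey = $cert.HasPrivateKey
    }
}

# Constructed sample: a hidden U+200E prefix plus the spaces shown in the dialog.
$sample = "$([char]0x200E)00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff 00 11 22 33"
ConvertTo-CleanThumbprint -Pasted $sample
Get-ThumbprintStatus -Pasted $sample

# All thumbprints in Local Computer > Personal, for comparison with the MMC view.
Get-ChildItem Cert:\LocalMachine\My |
    Select-Object Thumbprint, Subject, NotAfter, HasPrivateKey
```

Replace the sample with the string copied from the certificate's Details tab. A `Found = $false` result for a certificate that is visible in MMC usually means the pasted value still differs from the stored thumbprint.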