Note: The following steps apply during Presence Assistant Component installation only when you want to authenticate not just via credentials but also via a security certificate issued by your IT.

One of the requirements for building a service-oriented system is to protect the transmitted data. To guarantee the safety of this data, Luware products provide the option to use certificate-based encryption and verification for the communication between a client and a server. The client identifies itself with its certificate. The service checks the certificate against the server to confirm the authenticity of the certificate and, by extension, of the client.

Certificate Setup during Installation

The certificate security can be configured during installation of Luware components and services. There are two sets of settings that can be configured:

  • Server settings: Specify which settings the service uses to validate other services when they try to reach this service.
  • Client settings: Specify which settings the service uses when it connects to other services.

To configure certificate security, select the 'Configure Certificate Security' flag during installation.

When you click the 'Next' button with this flag enabled, you are presented with an extra step to configure the following options:

Control Name (Required?) and Description:

Mode (Required? No)
  • None: No security is applied during the communication between a server and a client.
  • Transport: Enables security of the communication between a client and a service at the network protocol level. Guarantees confidentiality and integrity of messages at the transport level, since transport security secures the entire communication channel.

Validation Mode (Required? No)
  • None: No validation is performed.
  • ChainTrust: In this mode WCF validates the certificate against the issuer of the certificate, known as a root authority (the expiration time is checked, too).
  • PeerTrust: In this mode WCF checks whether the incoming certificate is installed in the Local Machine\Personal folder of the certificate store (the expiration time is checked, too).
  • PeerOrChainTrust: Mixed mode; either of the two checks above may succeed.

Is Dedicated (Required? No)
  • False: Encryption is done with the default certificate, i.e. the certificate with the hostname of the machine from the Personal store is used on the server side.
  • True: Encryption is done with a dedicated certificate, which makes it possible to configure the identifier (thumbprint) of the certificate to use.

Thumbprint (Required? No)
  A certificate thumbprint is a hexadecimal string that uniquely identifies a certificate. It is calculated from the content of the certificate using a thumbprint (hash) algorithm.

  → This is to be retrieved via the Microsoft Management Console. Read more about it on the "Retrieve Thumbprint of a Certificate" page from Microsoft.

Important Notes

When copied from the source, the thumbprint is Unicode-encoded, but the installer needs it in plain ASCII → Notepad++ or any equivalent editor is a great help to convert it.

Don't forget to set up permissions on the certificate's private key so that the service account can access it.
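The two notes above (cleaning a pasted thumbprint and granting the service account access to the private key) as one added PowerShell example; this is not Luware's own script. It assumes the certificate is in Cert:\LocalMachine\My, the raw thumbprint is a constructed value that imitates text pasted from MMC, and the service account name is a placeholder.

```powershell
# Added example, not Luware's own script. Assumptions (placeholders): the raw
# thumbprint below is constructed to look like text pasted from MMC, the
# certificate sits in Cert:\LocalMachine\My, and the service account name is
# hypothetical. Run from an elevated PowerShell prompt.
$RawThumbprint  = "$([char]0x200E)1a 2b 3c 4d 5e 6f 70 81 92 a3 b4 c5 d6 e7 f8 09 1a 2b 3c 4d"
$ServiceAccount = 'DOMAIN\svc-presence'   # placeholder service account

function ConvertTo-CleanThumbprint {
    param([Parameter(Mandatory)][string]$Raw)
    # Keep hex digits only: this drops spaces and the invisible left-to-right
    # mark (U+200E) that the MMC certificate dialog prepends to copied text,
    # which is what makes the pasted value "not plain ASCII".
    $clean = ($Raw -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($clean.Length -ne 40) {
        throw "Expected 40 hex characters (SHA-1 thumbprint), got $($clean.Length): '$clean'"
    }
    return $clean
}

$Thumbprint = ConvertTo-CleanThumbprint -Raw $RawThumbprint
$cert = Get-Item -Path "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction Stop
if (-not $cert.HasPrivateKey) { throw "Certificate $Thumbprint has no private key in this store" }

# Locate the private key file. CNG keys (RSACng) and legacy CSP keys are
# stored in different folders under ProgramData.
$rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
if ($rsa -is [System.Security.Cryptography.RSACng]) {
    $keyFile = Join-Path $env:ProgramData "Microsoft\Crypto\Keys\$($rsa.Key.UniqueName)"
} else {
    $keyFile = Join-Path $env:ProgramData "Microsoft\Crypto\RSA\MachineKeys\$($rsa.CspKeyContainerInfo.UniqueKeyContainerName)"
}
if (-not (Test-Path $keyFile)) { throw "Private key file not found: $keyFile" }

# Grant the service account Read on the key file only (least privilege: the
# service needs to use the key, not replace or delete it).
$acl  = Get-Acl -Path $keyFile
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule($ServiceAccount, 'Read', 'Allow')
$acl.AddAccessRule($rule)
Set-Acl -Path $keyFile -AclObject $acl

# Verify: the account should now be listed with Read on the key file.
(Get-Acl -Path $keyFile).Access |
    Where-Object { $_.IdentityReference -eq $ServiceAccount } |
    Format-Table IdentityReference, FileSystemRights, AccessControlType
```

If the certificate uses a non-RSA key or was imported as a user key, the key file lives elsewhere and the Test-Path check will fail rather than silently granting access to the wrong file.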