Prepare Certificate Thumbprint
During installation of varous Luware components you can opt in to "Configure Certificate Security" options. On these dialogues the certificate thumbprints need to be provided.
Also read the official → Microsoft documentation on this topic.
To find the thumbprint of a certificate use the Microsoft Management Console (MMC) to get access to a certificate and then read its thumbprint in the properties.
- Open the Start Menu , type mmc and press ENTER.
- In the Console add a certificate snap-in:
- On the File menu, click Add/Remove Snap In (or press Ctrl+N)
- In the Add or remove Snap-ins dialog box, select Certificates.
- Click Add.
→ the entry is moved to selected snap-ins.
- In the Certificates snap-in dialog box, select "Computer account" and click "Next"
- In the Select Computer dialog box select "Local Computer" and click Finish
- In the Add or remove Snap-ins dialog box, click OK.
→ The window is closed
- In the Console Root window, expand Certificates (Local Computer) > Personal > Certificates
- In the central panel, double-click the certificate.
- In the Certificate dialog box select the Details tab.
- Select Thumbprint in the list and copy the thumbprint hexadecimal string
- Encode the copied string in ANSI (use Notepad++) and remove first hidden characters.
This string is to be used during installation of Luware components
Configure Certificate during LUCS Components Installation
One of the requirements for building service-oriented system is to protect the transmitted data. To guarantee the safety of this data, Luware products provide the possibility to use certificate-based encryption and verification during the communication between a client and a server. The client identifies itself with this certificate. The service accesses the server to confirm the authenticity of the certificate - and in extension - the client.
Certificate Setup during Installation
The certificate security can be configured during installation of Luware components and services. There are two sets of settings that can be configured:
- Server settings: The server settings specify which settings the service will use to validate other services when they try to reach this service.
- Client settings: The client settings specify which settings the service will use while connecting to other services.
To configure certificate security select 'Configure Certificate Security' flag during installation:
Upon clicking 'Next' button with this flag enabled you will be presented an extra step to configure options:
A certificate thumbprint is a hexadecimal string that uniquely identifies a certificate. A thumbprint is calculated from the content of the certificate using a thumbprint algorithm.
→ This is to be generated via Microsoft Management Console. Read more about it on the "Retrieve Thumbprint of a Certificate" page from Microsoft.
When copied from the source the thumbprint is unicode encoded but you need it in plain ASCII → Notepad++ or any equivalent editor is a great help to convert it.
Don't forget to set up permissions for the certificate private key so that the service account can access it.