The PSG identifies the TLS certificate to use by means of the server name and certificate Friendly name. You must set the Friendly name value in the Windows registry on the Connection Server or security server computer on which the PSG is running.
The certificate Friendly name vdm is used by all Connection Server instances and security servers. By contrast, you can configure your own certificate Friendly name for the PSG certificate. You must configure a Windows registry setting to enable the PSG to match the correct name with the Friendly name that you will set in the Windows certificate store.
The PSG can use the same TLS certificate as the server on which the PSG is running. If you configure the PSG to use the same certificate as the server, the Friendly name must be vdm.
The Friendly name value, in both the registry and the Windows certificate store, is case sensitive.
Prerequisites
- Verify that the Windows registry contains the correct subject name that is used to reach the PSG port and that matches the PSG certificate subject name or subject alternative name. See Verify That the Server Name Matches the PSG Certificate Subject Name.
- Verify that the certificate Friendly name is configured in the Windows local computer certificate store. See Configure a PSG Certificate in the Windows Certificate Store.
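One way to check the Friendly name prerequisite, including the case-sensitivity rule stated above. This is an added example, not part of the original procedure or the vendor's tooling; `$ExpectedName` is a placeholder for the Friendly name you chose (or `vdm` if the PSG shares the server certificate).

```powershell
# Added example: audit the Friendly name that the PSG is expected to match.
# $ExpectedName is a placeholder (assumption); pass the value you configured.
param(
    [string]$ExpectedName = 'REPLACE-WITH-PSG-FRIENDLY-NAME'
)

# Local computer certificate store, Personal folder.
$certs = Get-ChildItem -Path Cert:\LocalMachine\My

# -ceq is a case-sensitive comparison, matching the rule for the Friendly name.
$exact = @($certs | Where-Object { $_.FriendlyName -ceq $ExpectedName })

# Names that differ only by case: a likely misconfiguration worth flagging.
$caseOnly = @($certs | Where-Object {
    $_.FriendlyName -ieq $ExpectedName -and $_.FriendlyName -cne $ExpectedName
})
foreach ($c in $caseOnly) {
    Write-Warning ("Friendly name '{0}' differs from '{1}' only by case (thumbprint {2})" -f `
        $c.FriendlyName, $ExpectedName, $c.Thumbprint)
}

if ($exact.Count -eq 0) {
    Write-Error "No certificate in LocalMachine\My has Friendly name '$ExpectedName'."
    exit 1
}
if ($exact.Count -gt 1) {
    Write-Warning "$($exact.Count) certificates share this Friendly name; review which one is intended."
}

# Report the properties that matter for a server certificate.
$now = Get-Date
$exact | ForEach-Object {
    [pscustomobject]@{
        Subject       = $_.Subject
        DnsNames      = ($_.DnsNameList.Unicode -join ', ')
        Thumbprint    = $_.Thumbprint
        HasPrivateKey = $_.HasPrivateKey
        NotBefore     = $_.NotBefore
        NotAfter      = $_.NotAfter
        ValidNow      = ($_.NotBefore -le $now -and $_.NotAfter -ge $now)
    }
} | Format-List
```

Run it in an elevated PowerShell session on the Connection Server or security server that hosts the PSG, and compare the reported subject and DNS names with the name clients use to reach the PSG port.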
Procedure
What to do next
Verify that client devices continue to connect to the PSG.
If you are using a security scanner for compliance testing, scan the PSG port.