You must import the TLS server certificate into the Windows local computer certificate store on the Windows Server host on which the Connection Server instance or security server service is installed.

This scenario uses a certificate file in PKCS#12 (PFX) format.

Depending on your certificate file format, the entire certificate chain that is contained in the keystore file might be imported into the Windows local computer certificate store. For example, the server certificate, intermediate certificate, and root certificate might be imported.

For other types of certificate files, only the server certificate is imported into the Windows local computer certificate store. In this case, you must take separate steps to import the root certificate and any intermediate certificates in the certificate chain.

For more information about certificates, consult the Microsoft online help available with the Certificate snap-in to MMC.

Prerequisites

Verify that the TLS server certificate is in PKCS@12 (PFX) format. See Convert a Certificate File to PKCS#12 Format.

Procedure

  1. In the MMC window on the Windows Server host, expand the Certificates (Local Computer) node and select the Personal folder.
  2. In the Actions pane, go to More Actions > All Tasks > Import.
  3. In the Certificate Import wizard, click Next and browse to the location where the certificate is stored.
  4. Select the certificate file and click Open.
    To display your certificate file type, you can select its file format from the File name drop-down menu.
  5. Type the password for the private key that is included in the certificate file.
  6. Select Mark this key as exportable.
  7. Select Include all extended properties.
  8. Click Next and click Finish.
    The new certificate appears in the Certificates (Local Computer) > Personal > Certificates folder.
  9. Verify that the new certificate contains a private key.
    1. In the Certificates (Local Computer) > Personal > Certificates folder, double-click the new certificate.
    2. In the General tab of the Certificate Information dialog box, verify that the following statement appears: You have a private key that corresponds to this certificate.

What to do next

Modify the certificate Friendly name to vdm.