The first step in automating SSL certificate install is importing the certificate and recording the thumbprint.

Procedure

  1. Add the certificate snap-in to MMC by performing the steps below.

    In order to add certificates to the Windows certificate store, you must first add the certificate snap-in to the Microsoft Management Console (MMC). Before you begin, verify that the MMC and certificate snap-in are available on the Windows guest operating system.

    1. On the desktop, click Start and type mmc.exe
    2. In the MMC window, select File > Add/Remove Snap-in.
    3. In the Add or Remove Snap-ins window, select Certificates and click Add.
    4. In the Certificates snap-in window, select Computer account, click Next, select local computer, and click Finish.
    5. In the Add or Remove snap-in window, click OK.
  2. Import a certificate for the HTML Access Agent into the Windows Certificate Store by performing the steps below.

    To replace a default HTML Access Agent certificate with a CA-signed certificate, you must import the CA-signed certificate into the Windows local computer certificate store. Before you begin, verify that the HTML Access Agent is installed, the CA-signed certificate was copied to the desktop, and the certificate snap-in was added to MMC (see Step 1 above).

    1. In the MMC window, expand the Certificates (Local Computer) node and select the Personal folder.
    2. In the Actions pane, select More Actions > All Tasks > Import.
    3. In the Certificate Import wizard, click Next and browse to the location where the certificate is stored.
    4. Select the certificate file and click Open.

      To display your certificate file type, you can select its file format from the File name drop-down menu.

    5. Type the password for the private key that is included in the certificate file.
    6. Select Mark this key as exportable.
    7. Select Include all extendable properties.
    8. Click Next and click Finish.

      The new certificate appears in the Certificates (Local Computer) > Personal > Certificates folder.

    9. Verify that the new certificate contains a private key.

      1. In the Certificates (Local Computer) > Personal > Certificates folder, double-click the new certificate.

      2. In the General tab of the Certificate Information dialog box, verify that the following statement appears: 'You have a private key that corresponds to this certificate'.

  3. Import root and intermediate certificates for the HTML Access Agent.

    If the root certificate and intermediate certificates in the certificate chain are not imported with the SSL certificate that you imported for the HTML Access Agent, you must import these certificates into the Windows local computer certificate store.

    1. In the MMC console, expand the Certificates (Local Computer) node and go to the Trusted Root Certification Authorities > Certificates folder.
      • If your root certificate is in this folder, and there are no intermediate certificates in your certificate chain, skip this procedure.

      • If your root certificate is not in this folder, proceed to step b.

    2. Right-click the Trusted Root Certification Authorities > Certificates folder and click All Tasks > Import.
    3. In the Certificate Import wizard, click Next and browse to the location where the root CA certificate is stored.
    4. Select the root CA certificate file and click Open.
    5. Click Next, click Next, and click Finish.
    6. If your server certificate was signed by an intermediate CA, import all intermediate certificates in the certificate chain into the Windows local computer certificate store.

      1. Go to the Certificates (Local Computer) > Intermediate Certification Authorities > Certificates folder.

      2. Repeat steps c through f for each intermediate certificate that must be imported.

  4. In the certificate MMC window, navigate to the Certificates (Local Computer) > Personal > Certificates folder.
  5. Double-click the CA-signed certificate that you imported into the Windows certificate store.
  6. In the Certificates dialog box, click the Details tab, scroll down, and select the Thumbprint icon.
  7. Copy the selected thumbprint to a text file.

    For example:

    31 2a 32 50 1a 0b 34 b1 65 46 13 a8 0a 5e f7 43 6e a9 2c 3e

    Note:

    When you copy the thumbprint, do not to include the leading space. If you inadvertently paste the leading space with the thumbprint into the registry key (in Step 7), the certificate might not be configured successfully. This problem can occur even though the leading space is not displayed in the registry value text box.