A new installation of Connection server in FIPS-compliant mode requires the CA-signed vdm certificate to be placed in the Windows certificate store. The installer checks for the presence of this certificate before proceeding with the installation.
The steps to request and install this certificate are the same as described for the current TLS certificate workflow. See Overview of Tasks for Setting Up TLS Certificates for details.
The vdm
certificate requirements are as follows.
- Subject name: FQDN of CS or wildcard matching FQDN
- SAN: FQDN of CS or wildcard matching FQDN
- EKU: Server authentication
- Set friendly name:
vdm
- Private key must be marked exportable.
- Signature algorithm to use: SHA384/SHA512