Connection Server in FIPS-Compliant Mode Installation Certificate Requirements

A new installation of Connection server in FIPS-compliant mode requires the CA-signed vdm certificate to be placed in the Windows certificate store. The installer checks for the presence of this certificate before proceeding with the installation.

The steps to request and install this certificate are the same as described for the current TLS certificate workflow. See Overview of Tasks for Setting Up TLS Certificates for details.

The vdm certificate requirements are as follows.

Subject name: FQDN of CS or wildcard matching FQDN
SAN: FQDN of CS or wildcard matching FQDN
EKU: Server authentication
Set friendly name: vdm
Private key must be marked exportable.
Signature algorithm to use: SHA384/SHA512