assureon installation guide - certificates...assureon installation guide 5. select the der encoded...

Assureon Installation Guide

– Client Certificates

for Version 6.4


Publication info© 2011 Nexsan Technologies Canada Inc.All rights reserved.

Published by:

Nexsan Technologies Canada Inc.1405 Trans Canada Highway, Suite 300 Dorval, QC. H9P 2V9. CANADA

Telephone: 514.683.1020Fax: 514.683.1554www.nexsan.com

Assureon Installation Guide – CertificatesVersion 6.4Publication date: August 24, 2011

TrademarksAssureon is a registered trademark of Nexsan Technologies. SATABlade, SATABoy and SATABeast are

trademarks of Nexsan Technologies. Microsoft, Microsoft Windows, Microsoft Internet Explorer, Microsoft

SQL Server, and Microsoft Visual Studio .NET are registered trademarks of Microsoft Corporation.

No part of this document may be reproduced or transmitted in any form or by any means, electronic or

mechanical, including photocopying, recording or by any information storage and retrieval system, without

prior permission in writing from Nexsan Technologies.

The information in this manual is believed to be correct at the time of publication. However, Nexsan

Technologies makes no warranty, express or implied, about the accuracy of the information and reserves

the right to revise this document or make changes to the products described herein at any time without

notice and without obligation. Nexsan Technologies is not liable for any loss of data, damage to databases

or other software, or any other losses arising from the use of this manual.

2

http://www.nexsan.com/

Certificates

ContentsAbout this guide..............................................................................................................................4

Audience.....................................................................................................................................4How to use this guide.................................................................................................................4

Prerequisites...................................................................................................................................4Overview.........................................................................................................................................5Create User Certificate...................................................................................................................6

Export the user certificate to file – .cer file..................................................................................8Export the user certificate to file – .pfx file................................................................................11

Install and Configure User Certificate on client.............................................................................14Configure Assureon Client Service to use the certificate..........................................................16

Map User Certificate.....................................................................................................................18Set Organization Security (ADAM only)........................................................................................19

3


About this guideThis guide contains detailed information on configuring the Assureon client to use certificate

authentication.

AudienceThis guide is intended for end-users who with to use digital certificates (which includes ADAM) as

their authentication mechanism. Do NOT perform the procedures described in this manual if the

customer is using the Windows Trust authentication or anonymous access security mechanisms.

How to use this guideThis guide is intended to be performed from beginning to end.

PrerequisitesTo perform the procedures described in this guide, you will need an Assureon system where the

Windows operating system and Assureon have been installed. In addition, you will need an

Assureon client to have been installed.

4

Certificates

OverviewIf a customer is planning to use the digital certificate or ADAM security models, the Assureon

client must be configured to use digital certificates.

The steps are as follows:

§ Create User certificate and export it (in 2 formats)

§ Map certificates to Assureon users

§ Install certificates on client machines

§ Map certificates to organizations (ADAM only)

5


Create User CertificateA user certificate is used by Assureon to authenticate clients to the server. The user certificate is

created on F001 and exported and installed on the client machine. It is also copied and mapped

on all Assureon front-ends. If a server goes down, the user can still be authenticated. To create

and install a user certificate:

1. On the primary Assureon server (F001), launch IE and point to https://localhost/certsrv to

request a user certificate from the Certification Authority. Be careful to use https and not http.

2. If prompted, enter the domain\AssureonAdmin user and password.

3. Click Request a certificate, then advanced certificate request.

4. Click Create and submit a request to this CA.

5. In the Identifying Information section, specify the following Name for the certificate:

Nexsan Authentication Certificate FSWcomputerName.

For the other fields, use the customer information.

6. For Type of Certificate Needed, select Client Authentication Certificate.

7. For Key Options, verify that the following are selected:

§ Create new key set

§ CSP: Microsoft Enhanced RSA and AES Cryptographic Provider

§ Key Usage: Both

§ Automatic key container name

§ Key Size: 1024

§ Mark keys as exportable

8. For Additional Options, verify and specify the following:

§ Request Format: CMC

§ Hash Algorithm: sha1

§ Friendly Name: type: Nexsan Authentication Certificate FSWcomputerName.

This name will appear when selecting the certificate from Assureon Client Services.

9. Click Submit. The Web Access Confirmation dialog is displayed.

10. Click Yes.

The Certificate Issued page appears.

11. Click Install this certificate. A Web Access Confirmation dialog is displayed.

6

Certificates

12. Click Yes to install the certificate. The certificate is installed.

7


Export the user certificate to file – .cer fileThe .cer file is used for mapping.

1. Still in IE, click Tools, Internet Options, Content tab, Certificates.

The Certificates dialog appears.

2. In the Personal tab, click on the user certificate you just created and click Export.

The Welcome to the Certificate Export Wizard appears.

8

Certificates

3. Click Next. The Export Private Key dialog appears.

4. Select No, do not export the private key and click Next.

The Export File Format dialog appears.

9


5. Select the DER encoded binary X.509 (.CER) option and click Next.

The File to Export dialog appears.

6. Specify a file name and the Assureon Installers location, for example,

\\localhost\Installers\FSWcomputerName, and click Next.

The Completing the Certificate Export wizard dialog appears.

7. Click Finish. The Export was successful message appears.

8. Click OK.

10

Certificates

Export the user certificate to file – .pfx fileThe .p7b file is used for installing the exported certificate on another computer.

1. In the Certificates dialog, click on the user certificate you created and click Export.

The Welcome to the Certificate Export Wizard appears.

2. Click Next. The Export Private Key dialog appears.

3. Select Yes, export the private key and click Next.

The Export File Format dialog appears.

11


4. Select both the Personal Information Exchange – PKCS #12 (.PFX) and Include all certificates in the certification path if possible options.

5. Click Next. The Password dialog appears.

6. Specify a password and click Next.

12

Certificates

7. The File to Export dialog appears. Specify a file name and the Assureon Installers location,

for example, \\localhost\Installers\FSWcomputerName, and click Next.

The Completing the Certificate Export wizard dialog appears.

8. Click Finish. The Export was successful message appears.

9. Click OK.

10. Close the Certificates dialog.

11. Click OK to close the Internet Options dialog.

13


Install and Configure User Certificate on clientTo use certificates between the Assureon client and server, the certificate must be installed and

configured on the client.

Install certificate on client1. Login to the client as the user who will be running the Assureon client services. The certificate

must be installed under the same account or else the certificate cannot be loaded.

If you are using ADAM, login as the user who installed ADAM.

2. Launch Windows Explorer and access the Installers folder on the server.

3. Copy the .pfx file certificate you created on page 11 to the client.

4. Right-click the .pfx file and chose Install PFX.

The Welcome to the Certificate Import Wizard dialog appears.

5. Click Next. The File to Import dialog appears.

14

Certificates

6. The correct file is already selected, so click Next.

7. Type the password. The only option that should be selected is Include all extended properties. Click Next.

8. Certificate Store dialog appears. Keep the default and click Next.

15


9. The Completing the Certificate Import Wizard dialog appears. Click Finish. A Security

Warning appears.

10. Click Yes to install the certificate. The import was successful message appears.

11. Click OK.

Configure Assureon Client Service to use the certificate1. On the client machine, right-click the Client Service Taskbar icon and select Options.

2. Click the Authentication tab.

16

Certificates

3. Select the Use Client Certificate option and then select the Client Certificate called Nexsan

Authentication Certificate from the list.

4. Click OK.

5. When prompted to restart the Assureon Client Services (called FSW Monitor, Assureon FSW

Service and Assureon Events Manager), click Yes.

6. If you get a warning, click OK.

17


Map User CertificateUser certificates must be mapped to an Assureon user account in order to access archived files.

For example, a certificate mapped to User1 who is a member of the FSOrganizations,

Org1.AssureonUsers and Org1.Assureon.Class1 Assureon security groups will have access to

the files stored using the Class1 classification.

Perform this procedure on all front-end servers:

1. Copy the .cer file in the installers folder on F001 to the server.

2. Launch the Assureon System Administration console, and click Advanced, IIS Administration.

3. In the Certificate Mapping area, click Browse and open the user certificate file (.cer) you

copied from the F001 installers folder.

4. Type a Mapping Name, and then specify a user and password that is a member of one or

more Assureon Active Directory classifications. Typically, if files are stored and read by an

application, such as an email archive, the AssureonEdge account is used.

Note: include the domain name in the Account field.

5. Click Add. The mapping is added to the table.

18

Certificates

Set Organization Security (ADAM only)If you are using the ADAM security model, you must also map a certificate to an organization. On

F001 and F101 (if applicable) only:

1. Launch the Assureon System Administration console, and click Advanced, IIS Administration.

2. In the Certificate Mapping area, use your mouse to select the certificate serial number you

want to associate to an organization.

3. Press Ctrl-C to copy the serial number.

4. In the System Administration console, click the Organization Security tab. The Organization

Security page is displayed.

5. Select an Organization.

6. Click in the Certificate Serial Number box and press Ctrl-V to paste the serial number.

7. Click Add. The table is refreshed with the new mapping.

19

assureon installation guide - certificates...assureon installation guide 5. select the der encoded...

Documents