Creating certificates

You can purchase certificates from an issuing authority or generate self-signed certificates. The following procedure describes how to create a self-signed certificate on Windows 2008 (using IIS 7.5) and export public and private versions of the "Token Issuer" and "Core Service" certificates.

Creating a self-signed certificate

You can create certificates in Internet Information Services (IIS).

Procedure

  1. On your Content Manager Server, open IIS.
  2. Select your local computer and open Server Certificates.
  3. Select the action Create Self-Signed Certificate.
  4. Enter a Friendly name, for example Token Issuer.
  5. Repeat the procedure to create a certificate called Core Service.

Exporting a self-signed certificate

You need to export each certificate twice: once with the private key included (a password-protected .pfx file) and once with only the public key (a .cer file).

Procedure

  1. Start Microsoft Management Console (MMC).
  2. Go to File > Add/Remove Snap-in....
  3. Select Certificates and click Add.
  4. Select Computer account and click Next.
  5. Select Local Computer and click Finish.
  6. Click OK to close Add/Remove Snap-in...
  7. Select the node Certificates (Local Computer) > Personal > Certificates.
  8. Select the Token Issuer certificate and choose All Tasks > Export... in the context menu:
    1. In the Certificate Export Wizard, click Next.
    2. Select Yes, export the private key and click Next.
    3. Leave the Export File Format default settings unchanged and click Next.
    4. Enter tridion twice for Password and click Next.
    5. Browse to a location on the file system and enter a File name, for example Token Issuer private.pfx, and click Next.
    6. Click Finish to complete the export.
    The Certificate Export Wizard confirms the export was successful and closes the dialog.
  9. Select the Token Issuer certificate again and choose All Tasks > Export... in the context menu:
    1. In the Certificate Export Wizard, click Next.
    2. Select No, do not export the private key and click Next.
    3. Leave the Export File Format default settings unchanged (note these will be different from the previous export) and click Next.
    4. Browse to a location on the file system and enter a File name, for example Token Issuer public.cer, and click Next.
    5. Click Finish to complete the export.
    The Certificate Export Wizard confirms the export was successful and closes the dialog.
  10. Add the Token Issuer certificate to trusted certificates:
    1. Open the node Certificates (Local Computer) > Personal > Certificates.
    2. Select the Token Issuer certificate in the list and choose Copy in the context menu.
    3. Select the node Certificates (Local Computer) > Trusted People > Certificates and select Paste in the context menu.
  11. Grant permissions for the Token Issuer certificate:
    1. Open the node Certificates (Local Computer) > Personal > Certificates.
    2. Select the Token Issuer certificate in the list and choose All Tasks > Manage Private Keys.
    3. Grant read access to the following users:
      • The Application Pool user under which the Content Manager Explorer Web site is running: to find out the user, open IIS and go to Application Pools > SDL Tridion > Advanced Settings > Identity (the default user is Network Service).
      • The Tridion Content Manager Service Host user: to find out the user, open Component Services and go to Services > Tridion Content Manager Service Host > Properties > Log On (the default user is the Local System account).
  12. Repeat the procedure to export public and private versions of the Core Service certificate and grant permissions for the certificate.
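
The following PowerShell check is an added example, not part of the product documentation. It verifies the outcome of steps 9 to 11 for both certificates: the .cer export matches the store certificate and carries no private key, the certificate is present in Trusted People, and the accounts with access to the private key file are listed. It assumes PowerShell 2.0 or later in an elevated prompt, CSP-backed RSA keys (key files under MachineKeys), and a hypothetical export folder `C:\CertExport` with the example file names used above.

```powershell
# Added verification example (not from the product documentation).
# Assumptions: PowerShell 2.0 or later, elevated prompt, CSP-backed RSA keys
# (private key files under MachineKeys), and a hypothetical export folder.
$exportDir = 'C:\CertExport'   # hypothetical: the folder chosen in the export wizard
$keyDir    = Join-Path $env:ProgramData 'Microsoft\Crypto\RSA\MachineKeys'

foreach ($name in 'Token Issuer', 'Core Service') {
    $cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.FriendlyName -eq $name } | Select-Object -First 1
    if (-not $cert) {
        Write-Warning ('{0}: no certificate with this friendly name in Personal' -f $name)
        continue
    }

    # Step 10: the same certificate must also be present in Trusted People.
    $trusted = @(Get-ChildItem Cert:\LocalMachine\TrustedPeople |
        Where-Object { $_.Thumbprint -eq $cert.Thumbprint }).Count -gt 0

    # Step 9: the .cer export must match the store certificate and hold no private key.
    $cerPath = Join-Path $exportDir "$name public.cer"
    $cerOk   = $false
    if (Test-Path $cerPath) {
        $pub   = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $cerPath
        $cerOk = ($pub.Thumbprint -eq $cert.Thumbprint) -and (-not $pub.HasPrivateKey)
    }

    # Step 11: list every account that has access to the private key file.
    $readers = @()
    if ($cert.HasPrivateKey) {
        $file    = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
        $readers = (Get-Acl (Join-Path $keyDir $file)).Access |
            ForEach-Object { '{0} ({1})' -f $_.IdentityReference, $_.FileSystemRights }
    }

    New-Object PSObject -Property @{
        Certificate     = $name
        HasPrivateKey   = $cert.HasPrivateKey
        InTrustedPeople = $trusted
        PublicCerValid  = $cerOk
        KeyFileAccess   = $readers -join '; '
    }
}
```

Review `KeyFileAccess` for accounts other than the two service identities named in step 11 and the built-in administrative accounts.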