Replace a Certificate Generated by Setup by a Trusted CA-Generated Certificate

Prerequisites:  

  • Obtain the root CA certificate and export it to a Base64 encoded file.

  • Obtain the client certificate from the issuing CA - export the certificate and private key into a PKCS#12 (.pfx) file. Make sure that the full certificate chain is exported to the .pfx file.

  • A user entry in the directory exists for a user who has been issued the above certificate and private key.

  • This user entry can be found through the Operator Portal when searching the directory.

  1. Make sure the Root CA is trusted by the ActivID CMS server.

  2. Import the certificate into the Trusted Root Certificate Authorities container in the machine certificate store.

  3. Obtain the certificate subject, exactly as it is on the certificate.

    • You may need to go to the CA to view the issued certificate in order to get this information.

    • Connect to the Operator Portal. ActivID CMS displays the exact certificate subject string for the operator subject.

  4. Log on to ActivID CMS using the original ActivID CMS installer-generated client certificates.

  5. Enroll the directory user entry as an operator with the appropriate role. Supply the certificate subject obtained in step 3. (The entry must be exactly the same as the subject in the certificate, including white-space and case.)

  6. Import the client .pfx file into the local certificate store on your machine (that is, the machine that you use to access the Operator Portal).