Use SSL/TSL certificate
When creating the SSL/TLS certificate, note that it should be named Certificate.pfx. The dab Nexus application tries to find an SSL/TLS certificate with this name and issues an error if it is not found.
The certificate can either be loaded from a file in PKCS12/PFX Format (.pfx) or from the Windows certificate store. You can configure this via the CertificateStore property in the configuration file.
There are three possible values:
- File -> Load the certificate from a file called Certificate.pfx in the DAB_NEXUS_HOME directory
- Local machine -> Load the certificate from the machine-wide Windows certificate store
- Current user -> Load the certificate from the Windows certificate store of the current user. Note that this is the user defined for the dab Nexus service, which is the NT AUTHORITY/NETWORK SERVICE user by default
Import Option for Certificates from Windows Certificate Stores
When importing certificates into the Windows Certificate Store, do not select the Strong Key Protection option. However, the All Extended Properties option must be selected. The following certificate import wizart opens when you doubleclick on Certificate.pfx
Manage Certificate: Assign Authorization
The user / network service must be granted read access for the Certificate.pfx:
- Open the Certificates Console -> press the Windows key + R on your keyboard and enter certlm.msc, then press Enter
- Go to the Personal -> Certificates folder and click with the right mousebutton on the Signing Certificate
- Select All Tasks and Manage Private Keys
- Select the read authorization for the user defined for the dab Nexus service (here it is the network service). Once the authorization has been set, click OK