Configuring third-party certificates

To configure third-party certificates for use with Power Operation, you must configure the service layer, edit the certificate, and then update the registry.

NOTE: The third-party certificate you want to use must be in the Personal Information Exchange (PFX) file format.

Configuring the Service Layer

  1. Navigate to and double-click the PFX file you want to import. The Certificate Import Wizard appears.
  2. Select Local Machine and click Next.
  3. In the File name field, verify the name of the file you are importing, then click Next.
  4. If a password exists for the private key, enter it in the Password field.
  5. Select the Mark this key as exportable. This will allow you to back up or transport your keys at a later time. and Include all extended properties. check boxes.


  6. Click Next.
  7. On the Certificate Store page, choose the default option (Automatically select the certificate store based on the type of certificate), then click Next.
  8. Click Finish.
  9. Click OK.

Setting permissions on the certificate

  1. Press Window + R to open the Run window.
  2. In the Open field, type mmc and click OK.
  3. In the Console window, select File > Add/remove snap-in.
  4. In the left pane, select Certificates, then click Add.
  5. In the Certificates snap-in window, select Computer account, then click Next.
  6. Select Local computer, then click Finish.
  7. Click OK to close the Add or Remove Snap-ins window.
  8. In the Console Root pane, expand Certificates > Personal > Certificates. The installed certificate appears in the right pane.
  9. Right-Click the certificate and select All Tasks > Manage Private Keys…
  10. Click Add and type <ComputerName\ArchestraWebHosting> then click OK.

  11. Verify that Full Control and Read permissions are allotted to the ArchestraWebHosting group.
  12. Click OK.
  13. Double-Click the certificate to view it. Select the Details tab, then locate and click the Thumbprint field in the list.
  14. Highlight the value, then press Ctrl + C to copy the value and press Ctrl + V to paste it to notepad or another text editor. You will need this value to update the registry.

    15. NOTE: Some operating systems may store the Thumbprint with spaces, you may have to delete the spaces prior to updating the registry.

Updating the Registry

notice

irreversible operating system damage or data corruption

Before making any changes, back up your Windows Registry to a network folder or other remote location.

Failure to follow these instructions can result in irreparable damage to your computer's operating system and all existing data.

NOTE: Registry edits must be performed only by qualified and experienced personnel.

 

  1. Start a Windows command-prompt in Administrator mode.
  2. Copy and paste the following command to create a backup of the registry key:
    Reg copy "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Schneider Electric\Power Operation\WebApplications\Default" "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Schneider Electric\Power Opeation\WebApplications\Default_orig" /s /f
  3. Copy and paste the following command to update the registry value:
    Reg Add "HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Schneider Electric\Power Operation\WebApplications\Default" /t REG_SZ /v SslThumbprint /d “<PASTE THE THUMBPRINT HERE>” /f
  4. Run the following commands for the changes to take effect in the services:

    %windir%\System32\inetsrv\Appcmd stop apppool /apppool.name:PsoWebserviceAppPool

    %windir%\System32\inetsrv\Appcmd start apppool /apppool.name:PsoWebserviceAppPool

    %windir%\System32\inetsrv\Appcmd stop apppool /apppool.name:PlatformServerAppPool

    %windir%\System32\inetsrv\Appcmd start apppool /apppool.name:PlatformServerAppPool

  5. Close the command prompt.