Install IIS TLS certificates on the RSA KMS

You must create the IIS TLS server certificate and the IIS TLS CA certificate according to system requirements. The IIS TLS server certificate is installed into the Windows Personal Certificate store on the RSA KMS and the IIS TLS CA certificate is installed on all system servers.

Make sure to keep track of the password within the PKCS12 file, as you need it during installation.

Creating the IIS TLS security certificates for SSL is the customer's responsibility. Due to the potential liability risk, Verint no longer creates certificates for our customers.

Before you begin 

Verify that the IIS TLS certificates are valid. For information about validating the certificates, refer to the Security Configuration Guide.

Procedure 

  1. Copy the IIS TLS customer-provided certificates to the RSA KMS.

    1. Log on to the RSA KMS.

    2. Make a <KMS_media_folder>\<IIS_TLS_cert_folder> directory for the IIS TLS customer-provided certificates.

    3. Copy the customer-provided IIS TLS CA certificate and the IIS TLS server certificate to the <KMS_media_folder>\<IIS_TLS_cert_folder> folder on the RSA KMS.

  2. On the RSA KMS, on the Start screen, click Search.

  3. In the Search Apps box, type mmc.

  4. Under the Apps Results for “mmc”, click mmc.

  5. Click File > Add/Remove Snap-in.

  6. On the Add or Remove Snap-ins window, under the Available snap-ins section, select Certificates, and click Add.

  7. On the Certificates snap-in window, select Computer account, and click Next.

  8. On the Select Computer window, select Local Computer, and click Finish.

  9. Click OK.

    The Add or Remove Snap-ins window is closed.

  10. Under Console Root, expand Certificates.

  11. Right-click Personal, and select All Tasks > Import.

  12. On the Certificate Import Wizard window, click Next.

  13. Browse to the <KMS_media_folder>\<IIS_TLS_cert_folder> folder.

  14. Select All Files, and then select the customer provided IIS TLS server certificate in PKCS12 format.

  15. Click Open.

  16. Click Next.

  17. In the Password box, type the export password.

  18. Select the Mark this key as exportable check box. This step is recommended, but is not required.

  19. Click Next.

  20. Select Automatically select the certificate store based on the type of certificate, and click Next.

  21. Click Finish.

  22. To complete the import, click OK.

  23. Make sure the IIS TLS server certificate is imported into the Personal store.

  24. Make sure the IIS TLS CA certificate appears in the Trusted Root Certification Authority store. The CA certificate is imported automatically into the Trusted Root Certification Authority when the IIS TLS server certificate P12 file is imported into the Personal certificate store.

  25. Save the Certificate snap-in for later use.