Installing and Uninstalling the SMC2.0 Certificate
Background
After the SMC2.0 is installed, a CA root certificate is automatically stored on the SMC2.0 server. If Verify the Certificate under System > Settings > Devices is selected on the SMC2.0 web interface, the corresponding HTTPS certificate must be uploaded.
- If the customer does not purchase any other commercial certificate, the CA root certificate on the SMC2.0 server can be used.
- To improve system security, it is recommended that the customer purchase a commercial certificate to replace the CA root certificate on the SMC2.0 server. To uninstall the CA root certificate, see Uninstalling the Root Certificate Provided with the SMC2.0 System. To install a purchased commercial certificate, see Installing the Purchased Commercial Certificate.
If a purchased commercial certificate is used, ensure that the encryption password for the key meets the password complexity requirements.
Uninstalling the Root Certificate Provided with the SMC2.0 System
- Log in to the SMC2.0 server as the SMC2.0 administrator.
- (Optional) Add a certificate manager to the console.
If a certificate manager is already added, skip this step.
- Choose Start > Run, enter MMC, and press Enter.
The Console1 window is displayed.
- Choose File > Add/Remove Snap-in....
The window shown in Figure 2-5 is displayed.
Figure 1 Add/Remove Snap-ins
- Select Certificates from Available snap-ins. Click Add.
The Certificates snap-in window is displayed.
- Select My user account and click Finish.
The Add/Remove Snap-ins window is displayed.
- Click OK.
The Console1 window is displayed.
- Choose Console Root > Certificates > Trusted Root Certification Authorities > Certificates.
The window shown in Figure 2-6 is displayed.
Figure 2 Certificate list
- Right-click huawei_ca and choose Delete from the shortcut menu.
In the subsequent windows, click Yes until the certificate is uninstalled.
Installing the Purchased Commercial Certificate
- Log in to the SMC2.0 server as the SMC administrator.
- Enter IIS in the Windows search box and select Internet Information Services (IIS) Manager among the results.
The window shown in Figure 2-7 is displayed.
Figure 3 IIS manager
- From the navigation tree on the left, choose the root directory. Under IIS in the middle pane, double-click Server Certificates.
The window shown in Figure 2-8 is displayed.
Figure 4 Server Certificates
- Click Import in the operation list on the right.
The dialog box shown in Figure 2-9 is displayed.
Figure 5 Importing certificate
- Upload the purchased certificate file in .pfx format, enter the password, and select Allow this certificate to be exported based on the certificate requirements. Then click OK.
Binding a Certificate
By default, the temporary certificate authorized by huawei_ca is bound. To improve security, if a commercial certificate has been purchased, bind the certificate here.
- Open Internet Information Services (IIS) Manager.
- Bind the certificate to the SmcSite.
- From the navigation tree on the left, choose WIN-XXXXXX > Sites > SmcSite, right-click SmcSite and choose Edit bindings....
The Site Bindings window is displayed.
- Select https and click Edit....
The Edit Site Binding window is displayed.
- From the SSL certificate drop-down list, choose the certificate to be bound and click OK.
- In the SmcFileSrv site, bind the commercial certificate by following the method in Step 2.
- Bind the certificate to the SmcFtp site.
- From the navigation tree on the left, choose WIN-XXXXXX > Sites > SmcFtp.
- Double-click FTP SSL Settings on the SmcFtp homepage.
The FTP SSL Settings window is displayed.
- From the SSL certificate drop-down list, choose the certificate to be bound.
- Click Apply on the right.
A dialog box is displayed, indicating the change is saved.
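The following PowerShell check is an added example, not part of the vendor procedure. It verifies the result of the uninstall and binding steps above: it reports whether huawei_ca is still in a Trusted Root store and which certificate each of the three sites is actually serving. It assumes the WebAdministration module is available on the server and that the bundled certificate can be recognized by the string huawei_ca in its subject or issuer.

```powershell
# Added verification example; run in an elevated PowerShell session on the SMC2.0 server.
Import-Module WebAdministration

# 1. Confirm the bundled root is gone from both the user and machine root stores.
#    Assumption: the certificate subject contains the text "huawei_ca".
foreach ($store in 'Cert:\CurrentUser\Root', 'Cert:\LocalMachine\Root') {
    $left = Get-ChildItem $store | Where-Object { $_.Subject -like '*huawei_ca*' }
    if ($left) { Write-Warning "huawei_ca still present in $store ($($left.Thumbprint -join ', '))" }
    else       { Write-Output  "OK: no huawei_ca certificate in $store" }
}

# Look up a bound thumbprint and report its issuer and expiry.
function Show-BoundCertificate {
    param([string]$Site, [string]$Thumbprint)
    if (-not $Thumbprint) { Write-Warning "${Site}: no certificate bound"; return }
    # IIS imports land in the Personal (My) or Web Hosting machine store.
    $cert = Get-ChildItem Cert:\LocalMachine\My, Cert:\LocalMachine\WebHosting -ErrorAction SilentlyContinue |
        Where-Object { $_.Thumbprint -eq $Thumbprint } | Select-Object -First 1
    if (-not $cert) { Write-Warning "${Site}: bound thumbprint $Thumbprint not found in store"; return }
    # Assumption: the default temporary certificate names huawei_ca as its issuer.
    $status = if ($cert.Issuer -like '*huawei_ca*') { 'WARN: still the default huawei_ca-issued certificate' }
              elseif ($cert.NotAfter -lt (Get-Date)) { 'WARN: certificate expired' }
              else { 'OK' }
    [pscustomobject]@{
        Site = $Site; Status = $status; Subject = $cert.Subject
        Issuer = $cert.Issuer; NotAfter = $cert.NotAfter
    }
}

# 2. HTTPS bindings of the two web sites named in the procedure.
$report = foreach ($site in 'SmcSite', 'SmcFileSrv') {
    $bindings = @(Get-WebBinding -Name $site -Protocol https)
    if (-not $bindings) { Write-Warning "${site}: no https binding found"; continue }
    foreach ($b in $bindings) { Show-BoundCertificate -Site $site -Thumbprint $b.certificateHash }
}

# 3. FTP SSL Settings of the SmcFtp site (certificate hash stored on the site element).
$ftpHash = (Get-ItemProperty 'IIS:\Sites\SmcFtp' -Name ftpServer.security.ssl.serverCertHash).Value
$report = @($report) + @(Show-BoundCertificate -Site 'SmcFtp' -Thumbprint $ftpHash)

$report | Format-Table -AutoSize -Wrap
```

Any row whose Status is not OK means that site was missed during binding or is serving a certificate that needs renewal.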





