Encryption between the XProtect Update Manager elements
To encrypt the connection, XProtect Update Manager requires certificates that are trusted by all hosts in the system.
Before you start the installation of XProtect Update Manager, install the certificates on all hosts that you want to be part of your VMS system:
-
If you have a CA-signed certificate, install the pubilc key of that certificate on all hosts in your system. Install the certificate on the Personal store on the local computer. The certificate in the Personal store must be in .pfx format.
-
To use a self-signed certificate, you must create a certificate for the update server. Then, install that certificate in the local computer's Trusted Root Certification Authorities and Personal stores on all hosts. The certificate in the Personal store must be in .pfx format.
-
Give Read permission to the Network Service account to manage the private key of the SSL certificate. See Manage the private keys of a certificate.
You select a .pfx certificate file when you install the XProtect Update Manager service. You cannot install XProtect Update Manager without a valid certificate.
For more information about certificates, see the XProtect VMS certificates guide.