Import client certificates

This section describes how to import client certificates onto a client workstation or device.

  1. After you import a CA certificate to the Management Server or Recording Server, you can access it from any workstation or server in the network by going to the following address:

    • http://localhost/certsrv/

    However, the address of the server that holds the certificate (private key) will take the place of "localhost." For example:

    localhost/certserv - the web page of the web server hosted on the AD CS server used to distribute client certificates in the local network.

    This web-server is hosted on the Active Directory Certificate Services (AD CS) host server that holds the CA certificate.

  2. Click Download a CA certificate, certificate chain, or CRL.

  3. In the CA certificate field, select the CA certificate to be used with the XProtect system, and click Download CA certificate chain.

    The second step of downloading the CA certificate from the CertSrv webpage. Choose to Download CA certificate chain.

  4. Select DER encoded, and download the certificate chain.

  5. Browse to the downloads folder, right-click the certificate, and select Install Certificate from the shortcut menu.

    Find the certificate in the Downloads folder - Right click - choose Install Certificate

  6. This launches the Certificate Import Wizard.

    Click Next.

    Welcome screen for the Install Certificate Wizard - click next.

  7. Choose a store location. Select Place all certificates in the following store, and click the Browse button to open the Select Certificate Store window.

    Choose a non-default certificate store folder to install the certificate.

  8. Navigate to the Third-Party Root Certification Authorities certificate store and click OK.

    Click Next.

    Choose the Third-Party Root Certificate Authorities store location to install the CA certificate chain.

  9. Finish the Certificate Import Wizard.

Now the workstation has imported the certificate components required to establish secure communications with the Management Server or Recording Server.