Create SSL certificate for the failover management server

XProtect Management Server Failover is configured on two computers. To make sure that the clients trust the running management server, install the SSL certificate on the primary and the secondary computer.

To create and install the SSL certificate for the failover cluster, you need to install the CA certificate first.

On the computer where you created the CA certificate, from the folder where you placed the CA certificate, run the Failover management server certificate script to create an SSL certificate for the primary and the secondary computer.

The computer that you use for creating certificates must run Windows 10 or Windows Server 2016 or newer.

  1. In Appendix C of this guide, copy the script for creating failover management server certificates.
  2. Open Notepad and paste the script.
  3. It is very important that the lines break in the same places as shown in Appendix C. You can add the line breaks in Notepad or, alternatively, reopen this PDF with Google Chrome, copy the contents again, and paste them into Notepad.

  4. In Notepad, select File -> Save as, name the file CreateFailoverCertificate.ps1 and save it locally in the same folder as the CA certificate:
    Example: C:\Certificates\CreateFailoverCertificate.ps1.
  5. In File Explorer, go to C:\Certificates and select the CreateFailoverCertificate.ps1 file.
  6. In the File menu, select Open Windows PowerShell and then Open Windows PowerShell as administrator.
  7. In PowerShell, enter .\CreateFailoverCertificate.ps1 at the prompt and press Enter.
  8. Specify the FQDNs and the host names for the primary and the secondary computer, separated by a comma.

    Example: pc1host,pc1host.domain,pc2host,pc2host.domain.

    Press Enter.

  9. Specify the virtual IP address of the failover cluster. Press Enter.
  10. Specify a password for the certificate and press Enter to finish the creation.
  11. You use this password when you import the certificate on the server.

    The [virtualIP].pfx file appears in the folder where you ran the script.

Import the certificate the same way you would import an SSL certificate; see Import SSL certificate. Import the certificate on the primary and secondary computers.
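
Before importing, you can confirm that the generated .pfx file covers every name the clients will connect to. The following check is an added example, not part of the Appendix C script; it assumes the script writes the host names, FQDNs, and virtual IP address into the certificate's Subject Alternative Name extension, and the values below are constructed samples to replace with your own.

```powershell
# Added verification example; not part of the Appendix C script.
# Constructed sample values: use the names and virtual IP entered in steps 8 and 9.
$ExpectedNames = @('pc1host', 'pc1host.domain', 'pc2host', 'pc2host.domain')
$VirtualIp     = '192.0.2.10'
$PfxPath       = "C:\Certificates\${VirtualIp}.pfx"

# Prompt for the password chosen in step 10 instead of storing it in the file.
$Password = Read-Host -Prompt 'Certificate password' -AsSecureString

# Read the PFX without importing it into any certificate store.
$pfx  = Get-PfxData -FilePath $PfxPath -Password $Password
$cert = $pfx.EndEntityCertificates | Select-Object -First 1
if (-not $cert) { throw "No end-entity certificate found in $PfxPath" }

# 2.5.29.17 is the OID of the Subject Alternative Name (SAN) extension.
$san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
if (-not $san) { throw 'Certificate has no Subject Alternative Name extension.' }

# Format() returns entries such as "DNS Name=pc1host, IP Address=192.0.2.10".
# The labels are localized, so only the values after "=" are compared.
$entries = [regex]::Matches($san.Format($false), '=([^,]+)') |
    ForEach-Object { $_.Groups[1].Value.Trim() }

# Every host name, FQDN, and the virtual IP must be present (case-insensitive).
$missing = @($ExpectedNames + $VirtualIp | Where-Object { $entries -notcontains $_ })

Write-Host "Subject   : $($cert.Subject)"
Write-Host "Issuer    : $($cert.Issuer)"
Write-Host "Not after : $($cert.NotAfter)"
Write-Host "SAN values: $($entries -join ', ')"

if ($cert.NotAfter -lt (Get-Date)) {
    throw 'Certificate has already expired.'
}
if ($missing.Count -gt 0) {
    throw "SAN is missing: $($missing -join ', '). Re-create the certificate."
}
Write-Host 'All expected names and the virtual IP are present in the SAN.'
```

A missing entry means clients connecting through that name or address will get a certificate name mismatch, so re-run the script with the full list rather than importing the file.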