Follow the steps in this appendix for managing the trusted certificates on the Metasys Server or SCT computer, and for selecting security levels for the site. The Metasys server, SCT computer, and network engines are installed with self-signed certificates, which enables encrypted network communication between the devices. Optionally, the customer can deploy trusted certificates at the Metasys server or SCT computer and enable encrypted and trusted communication between the Metasys server and network engines. Trusted certificates, installed on the client computer and the Metasys SMP or SCT computer, are either provided by the customer's IT department or a Certificate Authority (CA). A security shield icon on the Metasys server or SCT login and user interface screens indicate the encryption state:
- Green Shield: the connection is encrypted and trusted
- Orange Shield: the connection is encrypted, but not trusted
- Red Shield: the connection is encrypted, but the security level cannot be verified
To deploy a trusted server certificate at the Metasys server or SCT computer, follow Steps 1-3 referenced below. Then, if the IT department or CA has provided separate files for the root and intermediate certificates, follow Step 4. Also follow Step 4 if you need to establish a trusted relationship between the client computer and the Metasys server and SCT computer. If you want to establish encrypted and trusted communication between the Metasys server and network engines, follow Step 5, which explains how to set the Site Security Level. Lastly, perform Step 6 if you want to verify all certificates are in place.
- Requesting a server certificate
- Completing a server certificate request
- Binding the secure certificate
- Importing root and intermediate certificates
- Setting the Site Security Level to Encrypted and Trusted
- Verifying the server certificate chain
For details on how to remove or rebind a secure certificate, see Removing or rebinding the secure certificate. For details about how to remove a self-signed certificate from the certificate store, see Removing the self-signed certificates in the certificate store. For details about managing certificates on network engines, refer to Metasys® SCT Help (LIT-12011964) .
Lastly, this appendix describes how to use two special security attributes that you set in the site object of the Site Director: Site Security Level and Advanced Security Enabled. See the following sections for details: