Setting a trusted certificate for Genetec Update Service - To strengthen the security of your system, replace the self-signed certificate on your Genetec™ Update Service (GUS) with one issued by a trusted certificate authority. - Genetec Update Service - User guides

To strengthen the security of your system, replace the self-signed certificate on your Genetec™ Update Service (GUS) with one issued by a trusted certificate authority.

1. Stop the Genetec Update Service and Genetec Update Service Sidecar services.
2. Open File Explorer and navigate to C:\ProgramData\Genetec Update Service\.
3. Edit the GenetecUpdaterServiceParameters.xml file as follows:
   • Remove the <CertificateThumbprint>…</ CertificateThumbprint> row.
   • Set the EnableCertificateGeneration value to false.

In the Microsoft Management Console (MMC), delete the existing self-signed certificate from the machine's Personal store.

1. From the Windows start menu, open the Run application.
2. In the Run dialog box, enter mmc.exe and click OK.
   The Console window opens.
3. Click File > Add/Remove snap-in.
4. In the Add or Remove Snap-ins dialog, select Certificates and click Add.
5. In the Certificates snap-in dialog, select Computer account > Local computer.
6. Click Finish > OK.
7. In the Console window, navigate to Certificates (Local Computer) > Personal > Certificates.
   
8. Delete the GUS certificate generated by the local machine.

Add your trusted certificate to GUS.

1. Start the Genetec Update Service and Genetec Update Service Sidecar services.
2. In a local browser, open the http://localhost:4594/Certificates website.
3. On the Select your Genetec Update Service Certificate page, choose your trusted certificate from the Certificates list.
   
4. Click Apply.
   The page automatically redirects to the GUS web page at https://localhost:4595.
5. Restart the Genetec Update Service Sidecar service to ensure the new certificate is configured correctly.