Requesting and installing encryption certificates (Advanced) - Security Center 5.11

Security Center Hardening Guide 5.11

Product
Security Center
Content type
Guides > Administrator guides
Version
5.11
Language
English
Last updated
2023-03-13

To authorize a client machine to view encrypted data, you must request an encryption certificate from the client machine. You then install the certificate with the private key locally, and transfer the public portion of the certificate to the Archiver responsible for encryption.

Before you begin

There are many ways to request and manage digital certificates. Before you proceed, consult your IT department about your company's policies and standard procedures.

What you should know

The encryption certificate contains a pair of public and private keys. The public key is used by the Archiver to encrypt the private data for a specific client machine. The private key is used by the client machine to decrypt the private data.
Best Practice: The private key should never leave the machine on which it is needed.

Procedure

  1. Log on as a local administrator of the client machine.
  2. Add the Certificates snap-in to your local computer account.
    Installing the certificates in the local computer store gives you more control over the management of private keys.
  3. Follow your company's procedure for requesting and installing the certificate.
  4. If the client is supposed to have access to encrypted data for a limited time, set the certificate's expiry date accordingly.
  5. If you do not plan to run Config Tool from this computer, export the certificate with only the public key to a certificate (.cer) file.
    Save the certificate file to a location that can be accessed from the workstation from which you plan to run Config Tool.