Using trusted certificates on Security Center servers (Advanced) - Security Center 5.11

Security Center Hardening Guide 5.11

Product
Security Center
Content type
Guides > Administrator guides
Version
5.11
Language
English
Last updated
2023-03-13

To strengthen the security of your system, you can replace the self-signed certificate on the main server with one issued by a trusted certificate authority (CA). Alternatively, you can import the certificate into the trusted root store of all machines that connect to the Directory.

Before you begin

When installing Security Center, on the Security Settings page of the InstallShield, select Always validate the Directory certificate.

Procedure

  1. Open Genetec™ Server Admin.
  2. From the Servers list, select your server.
  3. In the Secure communication section, click Select certificate.
  4. Choose a certificate and click Select.
    Select certificate dialog box in Server Admin showing a list of certificates to choose from.
  5. Click Save.
    IMPORTANT: If the selected certificate is not trusted by client machines, users are presented with a dialog box when they attempt to log on. This informs them of the untrusted connection and provides the following options:
    • Proceed and do not ask again (not recommended)
    • Cancel logon

    There is also a link to View certificate details to help understand why the certificate is not trusted.

    We recommend using a certificate that is trusted by all client machines. If the Invalid certificate warning is unexpected, ensure that you understand why the certificate is not trusted before proceeding.