[KBA-78971] Adding a certificate to a pre-12.8 SharpV from an unknown certificate authority - SharpV 12.5 - 12.7

series
SharpV 12.5 - 12.7
revised_modified
2019-03-13

[KBA-78971] Adding a certificate to a pre-12.8 SharpV from an unknown certificate authority

This article explains how to apply a certificate signature over a certificate signing request (CSR) on a SharpV with a SharpOS version earlier than 12.8 GA.

Applies to: SharpV 12.5 - 12.7

Summary

If a certificate signature is issued by a certificate authority that is not included in the list of Windows of third-party root certificate authorities (CA), or if your organization has its own public key infrastructure (PKI) which manages signatures, you must add the CA to the platform software running on the SharpV so that the host can validate the chain of trust.

In the following example, the fictional company "Contoso" has its own certificate authority and manages the signatures. Inspecting the chain of trust, we see the certificate was signed using the Contoso private CA. This certificate signature is not recognized by default in Windows. The intermediate CA (Contoso Private Type 1 EU Primary Issuing CA) and root CA (Contoso Private Type 1 Root CA) must be added manually to complete the CSR operation.

NOTE: This example uses two certificate authorities to complete the chain of trust. Your system might have a different number of certificates.

More information

To apply a certificate signature over a CSR (using the Contoso example):
  1. Ensure that you have the root certificate and the primary issuing certificate. For example:
    • Contoso Private Type 1 Root CA
    • Contoso Private Type 1 EU Primary Issuing CA
  2. Log on to the Sharp Portal.
  3. On the Configuration > Security page, enable Remote assistance.
  4. Open a Remote Desktop Connection on the SharpV.
    1. From a computer on the same network as the SharpV, launch Remote Desktop Connection.
    2. Connect to the SharpV using the unit's IP address.
    3. The RDP password is the 32-character Unit Access Code on the yellow sticker that was provided with the SharpV camera.

  5. Add both certificate files to the E:/ drive of the SharpV.
  6. Import the root certificate.
    1. Right click on E:\ContosoPrivateType1EUPrimaryIssuingCA.crt then click Install Certificate.

      The Certificate Import Wizard opens.

    2. The wizard prompts you to select a store location. Select Local Machine and click Next.
    3. The wizard prompts you to select the certificate store you want to use. Select Place all certificates in the following store and click Browse.
    4. From the Select Certificate Store window, select Trusted Root Certification Authorities and click OK.
    5. Click Next to continue, and click Finish to close the wizard. The system displays the message "The import was successful".
  7. Import the primary issuing certificate.
    1. Right click on E:\ContosoPrivateType1RootCA.crt then click Install Certificate.

      The Certificate Import Wizard opens.

    2. The wizard prompts you to select a store location. Select Local Machine and click Next.
    3. The wizard prompts you to select the certificate store you want to use. Select Place all certificates in the following store and click Browse.
    4. From the Select Certificate Store window, select Trusted Root Certification Authorities and click OK.
    5. Click Next to continue, and click Finish to close the wizard. The system displays the message "The import was successful".
  8. To complete the signing request, import the signature into the Sharp Portal.

Status

This procedure will not be required with SharpOS 12.8 and later.