Creating SSL certificates for CEP and CES servers

CES and CEP must use Secure Sockets Layer (SSL) for communication with clients (by using HTTPS). Each service must have a valid certificate that has an Enhanced Key Usage (EKU) policy of server authentication in the local computer certificate store.

  1. Install the IIS service in the server.

  2. Log in to the CEP server, and then add the Root CA certificate in the Trusted Root Certification Authority store.

  3. Launch the IIS Manager Console and then, select Server Home.

  4. From the main view section, open Server Certificates.

  5. Click Actions > Create Certificate Request.

  6. In the Distinguished Name Properties window, provide the necessary information and then, click Next.

  7. In the Cryptographic Service Provider Properties dialog, select the bit length, and then click Next.

  8. Save the file.

  9. Get the file signed by the CA that you are planning to use for CEP and CES.

    Notes: Make sure that Server Authentication EKU is enabled in the signed certificate.

  10. Copy the signed file back to the CEP server.

  11. From the IIS Manager Console, select Server Home.

  12. From the Main View section, open Server Certificates.

  13. Click Actions > Complete Certificate Request.

  14. In Specify Certificate Authority Response window, select the signed file.

  15. Type a name, and then in the Certificate Store menu, select Personal.

  16. Complete the certificate installation.

  17. From IIS Manager Console, select the default website.

  18. Click Actions > Bindings.

  19. In the Site Bindings dialog, click Add.

  20. In the Add Site Binding dialog, set Type to https, and then from the SSL certificate, browse for the newly created certificate.

  21. From the IIS Manager Console, select Default Web Site, and then open the SSL settings.

  22. Enable Require SSL and set Client certificates to Ignore.

  23. Restart IIS.

Notes: Follow the same process for CES server.