×

Have You Seen Workflow Lately? Click here to check out all the new features in the latest version.

Supercharge your GE solution! Download a free trial of Proficy Operations Hub, CSense analytics, and more. Learn more about the Proficy 2024 releases, by signing up for one of our upcoming events.

Home
Get Started
Get Started Guide
Pre-Installation Consideration
Security Certificates
Security Certificates
Security certificates must be installed on all Workflow application server and client machines in your system.

Workflow Products Documentation

Get Started
- Get Started Guide
  - Installation Requirements
  - Pre-Installation Consideration
    - Architecture Considerations
      If you are installing an application server or extension server (that is, Workflow or User) on a 64-bit computer, you can configure the server for either 32-bit or 64-bit operation.
    - Prerequisites for Windows 2012 R2 Installations
    - Configure Windows Authentication for Workflow
      You can configure Workflow to use Windows authentication to connect to a remote SQL Server instance.
    - Windows Services for Workflow
      There are several Windows services that must be running in order for Workflow to function properly.
    - Security Certificates
      - Security Certificates
        Security certificates must be installed on all Workflow application server and client machines in your system.
      - Security Certificate Options
        Server security certificate options differ depending on the type of server you are configuring.
      - Install Certificates on older Operating Systems
        You can create certificates on a Windows 10 or Windows Server 2016 machine and transfer them to a machine with an older operating system.
      - Use self-signed certificates for the web server
        If you are using self-signed certificates, you must install them on client machines in order to access the web server. Download the certificate to your client machine by accessing http://yourservername:8008/Certs/Help.
    - Firewall Ports
      During server installations, the installation setup detects whether there is a firewall on the computer. You must either disable the firewall or configure it to allow communication with remote clients.
    - Database Backup and Restore
      Workflow utilizes SQL Server to store information. In order to ensure that the integrity of the information is maintained, it is important to back up your database on a regular basis.
    - Multiple Servers
      Workflow provides the ability to install across multiple servers, each of which hosts a set of services. A multi-server environment is transparent and appears to be a single server to remote clients.
    - Server Clustering and Failover
      Workflow provides the ability to implement Microsoft^® Windows Clustering, which allows you to configure your server environment to be fault tolerant.
    - Enable Connection between Workflow and SQL Server
      In order for Workflow to connect to any edition of Microsoft^® SQL Server 2012 or later, you must configure SQL Server to enable the db_owner role on the SOADB database for the applicable login account.
    - License Management
      The GE License Client provides a single, easy-to-use tool to both view and manage online software licensing.
    - Performance Counters
  - Installation Procedures
  - Server Clustering Implementation
  - Deploy the Web Task List
  - Log On Overview
  - Post-Installation Configuration
  - Upgrade Workflow
  - Install a Reporting Database
  - Terminal Server
  - ActiveX Task Controls
  - Workflow Task Client
  - Installation Security

Security Certificates

Security certificates must be installed on all Workflow application server and client machines in your system.

Security certificates are used to protect your identifiable information and to protect your computers from unsafe software. A certificate is a statement verifying the identity of a person or the security of a website.

During the application installation process, certificates are automatically generated using the Workflow Certificate service. Alternatively, you can select a security certificate for the ProficyPlatform, Proficy STS, and SSL/TLS server services.

You can configure the following types of certificates:

Self-signed certificates generated during the installation process.
Existing certificates that you installed and configured for a previous version of the application.

The Workflow client computer must verify and trust the identity of the server before it can securely send a user's login and password credentials and complete the authentication process. To establish this trust, the client must trust the root of the server's certificate. That is, the client must have the certificate of the Certificate Authority (CA) that issued the server certificate in their Trusted Root Certificate Authorities store.

When you generate new certificates or use existing certificates, the following steps will occur.

Install a trusted root certificate.
Install a certificate to a Certificate Store (by default, the Personal Certificate Store).
Install generated self-signed certificates to the proper Certificate Store(s).
Register the SSL certificates to IP ports assigned to the Workflow application server.
Provide the option to use existing certificates configured for a previous version of the application.

Important: The SSL/TLS Server Certificate must be unique to each server.

For information on changing or updating security certificates post-installation, see Modify security certificates.