Security Certificate Options

Server security certificate options differ depending on the type of server you are configuring.

Full Server Certificate Options

The following table describes the type of security certificates available for use on a single full server.

Note: Starting with Workflow 2.5, legacy certificates are no longer supported.
Option Description
Generate new and unique certificates This option allows you to automatically generate new self-signed certificates. If you are installing in a multiple server or server failover cluster environment, more configuration is required on those servers.
Import certificates This option allows you to import certificates that were generated on and exported from a main server. This option is used when installing extension servers in a multiple server or server failover cluster environment and can also be used to install the same certificates on multiple single servers.

After selecting this option, in the Certificate File field, click Browse to locate and select the zip file containing the security certificates that you exported.

Use the certificates already installed on this server Post-installation configuration only: this option is available when you use the Configure Certificates tool. It allows you to use existing certificates that were installed with a previous version of this application.
To import certificates, select the Enable certificate import for advanced configuration check box, and then click Import. Click View to view each certificate after it has been imported.
Note:
  • While importing the “Custom SSL/TLS certificate” the SSL certificate issued by ProficySelfSignedCA is maintained (Added/Removed) from the Windows certificate store and bound to ports required by Workflow. The custom SSL certificate is only imported and bound to ports. The utility does not remove the certificate from Windows certificate store.
  • While importing the custom SSL/TLS Certificate from the utility ConfigureCertificates.exe, if the certificate already exists in the certificate store, then it will need to be deleted manually.

Extension Server Certificate Options

The following table describes the type of security certificates available for use on an extension server; that is, in a multiple server or server failover cluster environment.
Option Description
Import certificates This option allows you to import the certificates that are installed on the main server. You must manually export the certificates from the main server to a defined location, and then import the certificates to the extension server. This option will generate an SSL certificate if the main server is using certificates generated by the installation.

After selecting this option, in the Certificate File field, click Browse to locate and select the zip file containing the security certificates that you exported.

Client Certificate Options

When you install a remote client, the certificates that you installed on the server (that is, the single server or the main server in a multiple server or server cluster environment) are automatically downloaded and installed on the client.

If the certificates on the server are modified in any way, each client connected to the server will also have to be updated so that the certificates match those on the server.