IBM Support

Secret Server - Trusting an SSL Certificate on a Client Machine

Product Documentation


Abstract

When a self-signed certificate is installed on a server for the Secret Server website, client computer browsers will generally give security warnings for that website. This is because for public websites, only certificates issued by trusted authorities can be trusted as valid certificates. For self-signed certificates that will only be used within a company or domain, the security warnings can generally be ignored.

However, the security warnings can also interfere with the use of the Secret Server Launcher and Web Password Filler. To resolve this, the certificate can be installed on the client machine through either Internet Explorer or the Certificates snap-in.

Content

The following steps can be used to trust the certificate:
 
1.)  Make sure that the host to which the certificate is issued is the same as the host name for your Secret Server website.
    Open Internet Explorer and navigate to Secret Server
    Click Continue to this website if you are prompted
    Click the Certificate Error icon next to the navigation bar and then click View certificate. The value next to Issued to should match the host name for your website. 
    For example, if your website is "https://www.mydomain.local/SecretServer", it should say "Issued to: www.mydomain.local". If these fields do not match, the client will not be able to fully trust the certificate.
2.)  Obtain a copy of the certificate file and transfer it to the client computer.
 
    On the server that Secret Server is installed on, find Run from the start menu or screen and type in mmc, then hit Enter.
    From the File menu, select Add/Remove Snap-in.
    Select the Certificates snap-in, then click the right arrow button to add it.
    In the window that appears, select Computer Account, then Local Computer, and then click Finish.
    You should now see the Certificates (Local Computer) node. Expand the Personal folder and then the Certificates folder under it.
    Right-click the certificate that Secret Server uses, then click All tasks and select Export.
    Keep clicking Next to accept defaults in the wizard. Enter a filename, and then click Finish. The certificate has now been exported.  
    Copy the certificate from your server and transfer it to your client computer.
Note: If you have Firefox, the certificate can be saved to your client computer by viewing and exporting it after navigating to the website. 
3.)  Install the certificate on the client computer.
 
    On the client computer, find Run from the start menu or screen and type in mmc, then hit Enter.     
    From the File menu, select Add/Remove Snap-in.     
    Select the Certificates snap-in, then click the right arrow button to add it.     
    In the window that appears, select My user account, and then click Finish.     
    Expand the Trusted Root Certification Authorities folder, then right-click the Certificates folder, and select All Tasks > Import.     
    Click Next and Yes to accept default settings for all steps of the wizard.     
    When prompted for the certificate file, select the file you saved in the previous step (2).
 
Note: You may need to reopen Internet Explorer and browse to Secret Server once more to see the change reflected on the client machine.
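
The checks and the import from steps 1 and 3 can also be scripted on the client. The following PowerShell is an added example, not part of IBM's documentation; the file path and host name are assumed values, and the check of DNS names in the Subject Alternative Name extension goes beyond the "Issued to" comparison described in step 1.

```powershell
# Added example, not IBM's code. Assumed values: edit both for your environment.
$CertPath   = 'C:\Temp\secretserver.cer'   # hypothetical path of the file exported in step 2
$ServerHost = 'www.mydomain.local'         # host name from the Secret Server URL

function Test-HostMatch([string]$Name, [string]$HostName) {
    # Exact match, or a wildcard that covers exactly one leftmost label
    if ($Name -ieq $HostName) { return $true }
    if ($Name.StartsWith('*.') -and $HostName.Contains('.')) {
        return $Name.Substring(1) -ieq $HostName.Substring($HostName.IndexOf('.'))
    }
    return $false
}

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CertPath

# Step 1: "Issued to" is the subject's simple name; also read DNS names from the SAN extension
$nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
$names = @($cert.GetNameInfo($nameType, $false))
$san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
if ($san) {
    # Format() text is locale dependent; "DNS Name=" is the English Windows label
    $names += @([regex]::Matches($san.Format($false), 'DNS Name=([^,\s]+)') |
        ForEach-Object { $_.Groups[1].Value })
}
if (-not ($names | Where-Object { Test-HostMatch $_ $ServerHost })) {
    throw "Certificate names ($($names -join ', ')) do not match $ServerHost"
}

# Only the public certificate belongs on clients
if ($cert.HasPrivateKey) { throw 'File contains a private key; export again without it.' }

# Show what is about to be trusted so the thumbprint can be compared with the server's copy
$cert | Format-List Subject, Issuer, NotAfter, Thumbprint

# Step 3: import into Trusted Root Certification Authorities for the current user
# (Windows asks for confirmation before adding a root for the current user)
Import-Certificate -FilePath $CertPath -CertStoreLocation Cert:\CurrentUser\Root
```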

Document Location

Worldwide


Document Information

Modified date:
10 October 2019

UID

ibm11086081