Content Classification Service Integration Guide › CCS Deployment › Configure Security for the Classification Cache › Request a Certificate

Request a Certificate

SSL requires certificates at both ends of a connection to verify the identity of each participant.

To request a Certificate

1. On the server hosting the Classification Cache, run the following command from the %DXHOME%\bin\ folder to create a certificate signing request for the DSA:

   dxcertgen -D <DSA_Name> certreq
   

   The certificate signing request is created in %DXHOME%\config\ssld\<DSA_Name>.csr.

   <DSA_Name>

   Is the name of the Classification Cache DSA. It defaults to ccscache.

   %DXHOME%

   Is a Windows environment variable that specifies the path to the CA Directory installation folder. In a typical installation, this variable is set to:

   C:\Program Files\CA\Directory\dxserver

2. Browse to your active directory server that runs the Microsoft Certificate Services.

   If you use Active Directory as the root certificate authority, the certificate server is normally:

   http://<active directory server>/certsrv.
   

   The Certificate Services welcome page displays.

3. Click the Request a Certificate hyperlink.

   The 'Request a Certificate' page displays.

4. Click the ‘advanced certificate request’ hyperlink.

   The Advanced Certificate Request page displays.

5. Click the option that begins with ‘Submit a certificate request by using a base-64-encoded CMC file or PKCS #10 file…’

   The 'Submit a Certificate Request or Renewal Request' page displays.

6. Paste the contents from <DSA Name>.csr into the ‘Saved Request’ text box.

   Note: See step 1 for details about <DSA Name>.csr. We recommend that you open <DSA Name>.csr using a text editor such as NotePad.

7. Set the Certificate Template setting to 'Basic EFS'.
8. Click Submit.
9. When the next page appears, download your certificate.
   1. Click 'Base 64 encoded'.
   2. Download the certificate to a temporary location.