The Web server requires the following so that it can communicate with the Java client using a secure connection:
- A server certificate issued by the same CA as issued the Java client certificate
- The root certificate of the CA
The graphic below depicts the steps required and the order in which you carry them out. For all steps, use the tools provided by Windows and the Web server (Microsoft IIS).
For a distributed TREX installation with multiple Web servers, carry out all steps on each individual Web server.
- Create a certificate request for the Web server.
- Send this request to the CA.
- Collect the certificate for the Web server as soon as the CA has issued it.
- Import the server certificate to the Web server.
- Then change the settings for secure communication on the Web server. Define that the communication is to take place using HTTPS. Also define the SSL port to be used for secure communication.
- Collect the root certificate of the CA.
- Import the root certificate.
- Then enter the owner and issuer of the client certificate into the TREXcert.iniconfiguration file. The Web server can authenticate the Java client using the certification information.
The following sections provide more detailed information on each step.