Setting Up a Certificate for Internal Microsoft CA
This section describes how to create a machine certificate for use with a connector for Privilege Control for Servers. The connector requires a signed certificate and root of trust in order to communicate with the Delinea Platform. You install the certificate onto the computer where you have installed the Delinea Connector.
To create a computer certificate template with an exportable private key
Setting up and exporting a certificate for an internal Microsoft Certificate Authority is described in Microsoft documentation. See Active Directory Certificate Services documentation on the Microsoft Learn website.
To generate a computer certificate for the Delinea Connector:
- On the server where you are going to create the certificate, open the mmc.exe program.
- In the MMC program, select File > Add/Remove Snap-ins. Add the Certificates (Computer) snap-in. Click Add.
- For the Certificates snap-in, choose Computer account. Click Next.
- In Select computer, keep all the default values. Click Finish, then click OK.
- Navigate back to the console. In Console Root, right-click Personal, then select All Tasks > Request New Certificate. Click Next on the Certificate Enrollment screen.
- On the Select Certificate Enrollment Policy screen, ensure you have Active Directory Enrollment Policy. Click Next.
- For Request Certificate, select Computer with Exportable Key and click the hyperlink directly below, More information is required to enroll for this certificate. Click here to configure settings.
- Press Add on both Subject name and Alternative name to move the set values to the right side. Click OK.
  To obtain the Subject name and Alternative name, click the certificate details (subject name and subject alternative name).
To export the certificate with the private key
Export the certificate and install it on the computer where you have installed the connector.
- Under Personal > Certificates, right-click the [name of the server] Certificate and select Export.
- Click Next.
- On the Export Private Key screen, select Yes, export the private key. Click Next.
- For Export File Format, keep the default value, Personal Information Exchange - PKCS #12 (.PFX). Click Next.
- On the Security screen, select Group or user names (recommended). Click Add.
- On the Select User, Computer, Service Account, or Group screen, in the field Enter the object name to select (examples), enter domain admin. Click Check Names.
- Click OK, then click Next.
- For File to Export, give a name to the file and click Save.
- Click Next.
  Make a note of this location, because you will need it during setup (for example, c:\delinea\delinea.pfx).
- In the Completing the Certificate Export Wizard screen, click Finish.
- A message dialog appears to say the export was successful. Click OK.
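To check the result of both procedures before connector setup, the following PowerShell script is an added example (it is not part of the Delinea documentation or product). It assumes the PFX was saved to the example path above, that the certificate's subject alternative name contains this computer's FQDN, and that you run it as a member of the group the export was protected to, so that no password is needed to read the PFX.

```powershell
# Added example (not Delinea's code). Run in an elevated PowerShell session on the server.
$PfxPath = 'C:\delinea\delinea.pfx'   # example path from the steps above; adjust as needed
$Fqdn    = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName  # assumed to be in the SAN

# 1. Find the enrolled certificate in the computer's Personal store.
$cert = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.HasPrivateKey -and ($_.DnsNameList.Unicode -contains $Fqdn) } |
    Sort-Object -Property NotAfter -Descending |
    Select-Object -First 1
if (-not $cert) { throw "No certificate with a private key and SAN '$Fqdn' in LocalMachine\My." }

# 2. Check the validity window.
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate $($cert.Thumbprint) is outside its validity period."
}

# 3. Build the chain to confirm the internal CA root is trusted on this machine.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
if (-not $chain.Build($cert)) {
    $chain.ChainStatus | ForEach-Object { Write-Warning "$($_.Status): $($_.StatusInformation.Trim())" }
    throw "Chain validation failed for $($cert.Subject)."
}

# 4. Confirm the PFX holds the same certificate (thumbprint match).
$pfx = Get-PfxData -FilePath $PfxPath
if ($pfx.EndEntityCertificates.Thumbprint -notcontains $cert.Thumbprint) {
    throw "The certificate in $PfxPath does not match the one in the store."
}

# 5. Review who can read the exported file, since it contains the private key.
(Get-Acl -Path $PfxPath).Access |
    Select-Object IdentityReference, FileSystemRights, AccessControlType |
    Format-Table -AutoSize

"OK: $($cert.Subject) [$($cert.Thumbprint)] valid until $($cert.NotAfter)"
```

If step 5 lists accounts beyond administrators and the connector's service identity, tighten the file permissions before copying the PFX to the connector computer.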









