HTTPS settings
Under this Token Vault settings group, you can enable the HTTPS protocol and configure related settings.
- Set HTTPS port to a valid, available port. The default port is 8381.
- Set HTTPS certificate thumbprint to the thumbprint of the certificate that you want to use for your Token Vault instance, or have Token Vault generate a self-signed certificate.
  Requirements for the certificate:
  - Issued to or Subject property must be the fully qualified name of the computer where Token Vault is installed.
  - Must be stored in the Local Computer store: Certificates (Local Computer)\Personal.
  - The user account of the Windows service running Token Vault must have privileges to use the private key of the certificate.
- To generate a self-signed certificate by Token Vault:
  - Delete the HTTPS certificate thumbprint if specified.
  - Click General new... button next to the HTTPS certificate thumbprint textbox.
    The New self-signed certificate page is displayed.
  - Enter the fully qualified name of the computer where Token Vault is installed as Host name.
  - Select the Key size and Expiration for the certificate.
  - Specify a password (Password and Confirm password) for the certificate.
  - Click Create to create the self-signed certificate.
    The Server settings page is displayed, showing the thumbprint of the newly created self-signed certificate as HTTPS certificate thumbprint together with the certificate expiration date.
  - Click Download the root certificate button next to the HTTPS certificate thumbprint textbox to download the root certificate (TokenVault Root CA.pfx file) belonging to the newly created self-signed certificate. This root certificate needs to be deployed to users' computers to make the newly created self-signed certificate trusted.
  - Click Save to save the general settings.
  - Click Restart service to restart the Token Vault Windows service and use Token Vault with HTTPS protocol and the newly generated self-signed certificate.
If the Token Vault does not appear in the browser automatically, enter the Token Vault URL into the address bar of your browser according to your Token Vault configuration in the following format:
https://<FQDN>:<port>/
where:
- FQDN is the fully qualified domain name of the Token Vault machine, and
- port is the value of the HTTPS Port setting configured on the Server Settings page.
For example:
https://tokenvaultmachine.testdomain.com:8381
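The three certificate requirements listed above can be checked on the Token Vault machine before the service is restarted. The following PowerShell script is an added example, not part of the Token Vault documentation; $Thumbprint and $ServiceAccount are placeholders for your own values, and the key-file locations are the standard Windows machine key stores.

```powershell
# Added example: verifies the certificate requirements listed on this page.
# $Thumbprint and $ServiceAccount are placeholders, not values from the product.
param(
    [Parameter(Mandatory)] [string] $Thumbprint,
    [Parameter(Mandatory)] [string] $ServiceAccount   # e.g. 'TESTDOMAIN\svc-account' (constructed)
)

# Thumbprints copied from the certificate dialog often carry spaces or hidden characters.
$clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()
$fqdn  = [System.Net.Dns]::GetHostEntry($env:COMPUTERNAME).HostName

# Requirement: stored in Certificates (Local Computer)\Personal
$cert = Get-Item -Path "Cert:\LocalMachine\My\$clean" -ErrorAction SilentlyContinue
if (-not $cert) { throw "No certificate with thumbprint $clean in LocalMachine\My" }

# Requirement: Issued to / Subject is the fully qualified name of this computer
$issuedTo = $cert.GetNameInfo('SimpleName', $false)

# Requirement: the service account may use the private key.
# Only explicit ACEs for the account are checked; access granted through
# group membership is not resolved here.
$keyAccess = $false
if ($cert.HasPrivateKey) {
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
    if ($rsa -is [System.Security.Cryptography.RSACng]) {
        $name    = $rsa.Key.UniqueName
        $keyFile = "$env:ProgramData\Microsoft\Crypto\RSA\MachineKeys\$name",
                   "$env:ProgramData\Microsoft\Crypto\Keys\$name" |
                   Where-Object { Test-Path $_ } | Select-Object -First 1
        if ($keyFile) {
            $read = [System.Security.AccessControl.FileSystemRights]::Read
            $keyAccess = [bool]((Get-Acl $keyFile).Access | Where-Object {
                $_.IdentityReference.Value -ieq $ServiceAccount -and
                $_.AccessControlType -eq 'Allow' -and
                ($_.FileSystemRights -band $read) -eq $read
            })
        }
    }
}

[pscustomobject]@{
    Thumbprint          = $clean
    InLocalMachineStore = $true
    IssuedTo            = $issuedTo
    MatchesFqdn         = ($issuedTo -ieq $fqdn)
    HasPrivateKey       = $cert.HasPrivateKey
    ServiceAccountRead  = $keyAccess
    NotAfter            = $cert.NotAfter
    Expired             = ($cert.NotAfter -lt (Get-Date))
}
```

Run it from an elevated prompt, since reading the ACL of a machine key file requires administrative rights.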