Server certificate management

Certificates used for communication between the servers (AutoStore, DWS, Equitrac, and Output Manager) must meet the following requirements:

  • Be valid as of the current date. Expired certificates need to be replaced.

  • Have a subject or alternative subject name that matches the address entered in DRS.

    If the network environment requires servers to communicate using IP addresses, and there is not one on the certificate, modify the hosts file on DWS to use the subject common name on the certificate. See the web server documentation for instructions.

  • We recommend using certificates from a certificate authority listed in the Java keystore (typically C:\Program Files\Kofax\Shared Services\DWS\JDK\jre\lib\security\cacerts). To use a self-signed certificate, be sure Trust self-signed certificate is set to True in DRS. If you have a certificate from a different certificate authority, import the CA certificate to the DWS Java keystore. Back up the cacerts file (located at <DWS Installation Folder>\JDK\jre\lib\security\cacerts) and run the following command:

    "<DWS Installation Folder>\JDK\jre\bin\keytool.exe" -import -file "<Certificate file>" -keystore "<DWS Installation Folder>\JDK\jre\lib\security\cacerts" -trustcacerts

    Enter the password when prompted. Restart DWS when finished.

  • Match the previously pinned certificate.

These certificates are listed in DWS on the Security tab. You can review the certificates and delete and re-pin them as needed.

Follow these instructions for installing and viewing the certificates.

Server certificates for Equitrac and Output Manager

Follow these steps to install server certificates for Equitrac and Output Manager.

  1. To use your own certificate with Equitrac and Output Manager, follow these steps in Configuration Assistant.
    1. Click the Certificate Management tab.
    2. Select all components.
    3. Select Action > Import Certificate.
    4. Go to the folder where you saved the self-signed certificate you exported.
    5. Select the certificate file, enter its password, and click OK.
    6. Click Apply and then click Close.
  2. Restart DCE.

Server certificate for AutoStore

Install the AutoStore server certificate by doing the following:

  1. Right click the Unified Client node and select Properties.
  2. Click the Preferences tab.
  3. In the Choose Certificate field, select New self signed.
  4. Complete the New Self Signed Certificate window as follows:
    1. In the Company field, enter the same server name that was entered in DRS.
    2. Enter the password date for the certificate.
    3. Enter a password for the certificate.
    4. Click OK.
  5. Restart the AutoStore service.

Viewing and managing server certificates in DWS

  1. Run DWS Server Web Admin.
  2. Click the Security tab.

    The certificates identified by DWS are listed.

  3. Scroll to the Server Certificates section at the bottom.

    This lists the server certificates currently in use with their expiration dates. You can manage these server certificates by using the links to the right of each one as follows:

    • If a certificate needs to be repinned, click the Re-pin link.

    • If a certificate has expired or otherwise needs to be removed, click the Delete link.