MorphoManager TLS Configuration Manual
version: 13.1.0.x
Contents
Introduction
Certificate requirements
Configure Manual Certificate binding mode
    On the server machine
    On the client machine
  MorphoManager Settings
    Server Machine
    Client Machine
Importing certificates
Determining the Fully Qualified Domain Name (FQDN)
Creating your own certificates with OpenSSL
  Certificate Authority
  Client and Server Certificates
Introduction
MorphoManager 12 uses TLS 1.2 to encrypt communications between the server and client, automatically
generating self-signed certificates to do so. If configured, customers can also designate their own
certificates for this purpose and to perform mutual authentication.
This guide is one example of how MorphoManager can be configured to use the Manual Certificate
Binding Mode.
Certificate requirements
The following is required for the certificate to pass validation:
1. The certificate exists in either the Personal or Trusted Root Certification Authorities collection
store
2. The certificate contains a private key
3. The certificate’s Key Usage Extension contains a Key Encipherment or Data Encipherment flag
4. The certificate’s Enhanced Key Usage Extension contains a valid Server Authentication value
(1.3.6.1.5.5.7.3.1)
5. If a CA certificate is used in certificate validation:
   a. The certificate authority thumbprint is of valid length (40)
   b. The certificate authority thumbprint is in hexadecimal format
6. If certificate issuers need to match, ensure that both certificates in the certificate store
came from the same source.
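The requirements above can be checked against the Windows certificate store before a thumbprint is entered in MorphoManager. The following PowerShell is an added example, not part of the MorphoManager manual or product: the function name Test-MMCertificate and its parameters are assumptions, and it approximates requirements 1 to 5 rather than reproducing MorphoManager's own validation.

```powershell
using namespace System.Security.Cryptography.X509Certificates

# Added example: Test-MMCertificate and its parameters are hypothetical names,
# not part of MorphoManager. Run it on the machine that holds the certificate.
function Test-MMCertificate {
    param(
        [Parameter(Mandatory)][string]$Thumbprint,  # certificate to check
        [string]$CaThumbprint                       # optional CA thumbprint (requirement 5)
    )
    # A thumbprint pasted from a certificate dialog can carry spaces or invisible
    # characters, so test the raw string for exactly 40 hexadecimal characters.
    $hex40    = '^[0-9A-Fa-f]{40}$'
    $formatOk = $Thumbprint -match $hex40

    # Requirement 1: Personal (My) or Trusted Root Certification Authorities (Root)
    $cert = Get-ChildItem -Path 'Cert:\LocalMachine\My', 'Cert:\LocalMachine\Root' |
        Where-Object { $_.Thumbprint -eq $Thumbprint } |
        Select-Object -First 1
    if (-not $cert) {
        return [pscustomobject]@{
            Thumbprint = $Thumbprint; ThumbprintFormatOk = $formatOk; InStore = $false
        }
    }

    $ku  = $cert.Extensions | Where-Object { $_ -is [X509KeyUsageExtension] }
    $eku = $cert.Extensions | Where-Object { $_ -is [X509EnhancedKeyUsageExtension] }
    $encipher = [X509KeyUsageFlags]::KeyEncipherment -bor [X509KeyUsageFlags]::DataEncipherment
    $ekuOids  = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value })

    [pscustomobject]@{
        Thumbprint         = $cert.Thumbprint
        ThumbprintFormatOk = $formatOk
        InStore            = $true
        StorePath          = $cert.PSParentPath
        HasPrivateKey      = $cert.HasPrivateKey                          # requirement 2
        KeyUsageOk         = [int]($ku.KeyUsages -band $encipher) -ne 0   # requirement 3
        ServerAuthEku      = $ekuOids -contains '1.3.6.1.5.5.7.3.1'       # requirement 4
        CaThumbprintOk     = if ($CaThumbprint) { $CaThumbprint -match $hex40 } else { $null }
        Issuer             = $cert.Issuer   # compare with the other certificate for requirement 6
    }
}

# Usage (placeholder value, replace with the imported certificate's thumbprint):
# Test-MMCertificate -Thumbprint '<40-hex-thumbprint>'
```

Any field that comes back False identifies the requirement the certificate fails; the Issuer value can be compared by hand with the certificate on the other machine when Match certificate issuers is checked.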
MorphoManager Settings
Server Machine:
1. Open Advanced Server Configuration.
2. Set Certificate binding to Manual.
3. Add the imported server certificate’s thumbprint in Certificate Thumbprint.
4. Set Client Certificate Validation to Enforced.
5. Check the Match certificate issuers checkbox.
Client Machine:
1. Open Advanced Client Configuration.
2. Change Server Connection Type to Manually Specified.
3. Change the hostname to the server’s fully qualified machine name.
4. Set Certificate binding to Manual.
5. Add the imported client certificate’s thumbprint in Certificate Thumbprint.
6. Set Server Certificate Validation to Enforced.
7. Check the Match certificate issuers checkbox.
Importing certificates
1. Begin by locating the certificate to be placed in the certificate store. Right-click the certificate
and choose the Install PFX option.
2. A Certificate Import Wizard will appear. Under the Store Location option, select Local Machine
and click Next.
3. Specify the file to import. The location of your certificate should already be provided in the File
Name field. Click Next.
4. Enter the certificate’s password. This is the password that should already be associated with the
certificate, not a new one. Check any additional import options that may be applicable. Click
Next.
5. Select which store the certificate will be imported to. You can choose to have the store
automatically selected; however, since MorphoManager expects the certificate to
reside in either the Personal store or the Trusted Root Certification Authorities store, select
the option that allows you to place the certificate in the store of your choosing and browse to
the required location. Click OK and then Next.
6. Finally, ensure that the information provided on the last screen is correct and click the Finish
button to begin the import process. Once complete, a prompt will appear informing you that the
import was successful.
Creating your own certificates with OpenSSL
Create a subfolder called MorphoManager in the same directory as the OpenSSL.exe application. Launch
OpenSSL as an Administrator and run the following commands.
Certificate Authority
1. req -new -newkey rsa:1024 -nodes -out MorphoManager\MorphoManager.csr -keyout
MorphoManager\MorphoManager.key -sha512 -subj /CN=MorphoManager
3. Create a copy of the newly created MorphoManager.pem file in the MorphoManager folder and
rename the copy “MorphoManager.bin”