Views:
You can create and bind customer-specific certificates to validate Apex One server and Security Agent communication with the Edge Relay Server.
Important
Important
When using customer-specific certificates, the certificates must include both public and private keys in order to sign out other certificates.
Due to the public and private key requirement, you may not be able to utilize most third-party commercial CAs.

Procedure

  1. Prepare the customized Webhost certificate:
    • Must be issued by a CA that is included in the trusted store
    • Store in the Web hosting certificate store: My or webhosting
    • Record the following information required during binding:
      • Certificate subject
      • Certificate issuer
    Important
    Important
    When using customer-specific certificates, the certificates must include both public and private keys in order to sign out other certificates.
    Due to the public and private key requirement, you may not be able to utilize most third-party commercial CAs.
  2. Prepare a valid certificate to replace the self-signed OsceOPA certificate.
    • Must be issued by a CA that is included in the trusted store
    • Required certificate subject: OsceOPA
      Important
      Important
      The certificate subject is case-sensitive.
    • Store in the OfcEdge certificate store and remove any other certificates from the store
  3. Locate the Edge Relay Server Registration Tool from the following location on the Edge Relay Server computer:
    <Apex One Edge Relay installation directory>\OfcEdgeSvc\ofcedgecfg.exe
  4. Open a command line editor with administrator privileges.
    Right-click cmd.exe and click Run as administrator.
  5. Change the directory to the location of the ofcedgecfg.exe file.
  6. Execute the following command:
    ofcedgecfg.exe --cmd bindwebsite --certsubject <Webhost certificate subject name> --certstore <My | webhosting> --certissuer <Webhost certificate_issuer> --opacertpwd <OsceOPA certificate password>
  7. Run the following command to re-register the Edge Relay Server to the Apex One server:
    ofcedgecfg.exe --cmd reg --server <server address> --port <port> --pwd <root password>
  8. Instruct all off-premises users to connect directly to the local intranet to allow the Security Agent to receive the updated certificates and reconnect to the Edge Relay Server.