Binding Customer-Specific Certificates with the Edge Relay Server

You can create and bind customer-specific certificates to validate Apex One server and Security Agent communication with the Edge Relay Server.

Important:

When using customer-specific certificates, the certificates must include both public and private keys in order to sign out other certificates.

Due to the public and private key requirement, you may not be able to utilize most third-party commercial CAs.

  1. Prepare the customized Webhost certificate:

    • Must be issued by a CA that is included in the trusted store

    • Store in the "Web hosting" certificate store: "My" or "webhosting"

    • Record the following information required during binding:

      • Certificate subject

      • Certificate issuer

    Important:

    When using customer-specific certificates, the certificates must include both public and private keys in order to sign out other certificates.

    Due to the public and private key requirement, you may not be able to utilize most third-party commercial CAs.

  2. Prepare a valid certificate to replace the self-signed OsceOPA certificate.

    • Must be issued by a CA that is included in the trusted store

    • Required certificate subject: OsceOPA

      Important:

      The certificate subject is case-sensitive.

    • Store in the "OfcEdge" certificate store and remove any other certificates from the store

  3. Locate the Edge Relay Server Registration Tool from the following location on the Edge Relay Server computer:

    <Apex One Edge Relay installation directory>\OfcEdgeSvc\ofcedgecfg.exe

  4. Open a command line editor with administrator privileges.

    Right-click cmd.exe and click Run as administrator.

  5. Change the directory to the location of the ofcedgecfg.exe file.
  6. Execute the following command:

    ofcedgecfg.exe --cmd bindwebsite --certsubject <Webhost certificate subject name> --certstore <My | webhosting> --certissuer <Webhost certificate_issuer> --opacertpwd <OsceOPA certificate password>

  7. Run the following command to re-register the Edge Relay Server to the Apex One server:

    ofcedgecfg.exe --cmd reg --server <server address> --port <port> --pwd <root password>

  8. Instruct all off-premises users to connect directly to the local intranet to allow the Security Agent to receive the updated certificates and reconnect to the Edge Relay Server.
Parent topic: Edge Relay Server Registration Tool