Supported HSMs. Transferring HSM-protected keys to Key Vault is supported via two different methods depending on the HSMs you use. Use the table below to determine which method should be used for your HSMs to generate, and then transfer your own HSM-protected keys to use with Azure Key Vault. Using product keys with Office. In the Sign in to set up Office screen, select I don't want to sign in or create an account (it's a small link at the bottom of the window). Enter your Microsoft HUP product key to activate Office. Contact support about my product key.
Applicable Products
Objective
This article describes how to manually create and install self-signed Server and Root CA test certificates using a Public Key Size greater than 512 bits for implementation between Access Gateway Enterprise Edition, Web Interface, and Presentation Server. SSL >> SSL Certificates >> Create and Install a Server Test Certificate:
The GUI on the Access Gateway has a tool for creating and installing self-signed test Server and Root CA Certificates available under:
When this link is selected, the Access Gateway prompts the user to provide:
Certificate File Name and Fully Qualified Domain Name:
After the requested information is provided the Access Gateway creates the following seven files under the /nsconfig/ssl directory:
Server Certificate files:
Certificate Authority (CA) files:
The new self-signed/test server certificate will be displayed under SSL > Certificates:
The limitation of these 6 files, is that its Public Key Size is 512 bits. You can verify that on the GUI by going to SSL >> Certificates, highlight the certificate (such as: company.example.cer) and click Details:
For implementation between the Access Gateway Enterprise Edition, Web Interface and Presentation Server the minimum Public Key Size supported is 1024 bits. Note: Certificates created with this procedure are not suitable for use with virtual server on NetScaler Gateway because of enhanced security in the current versions of the Citrix Receiver for all platforms. See CTX101990 - Error: Server certificate received is not trusted (SSL Error 61).
The following procedure describes the necessary steps to manually create and install a self-signed server and root test certificates for the FQDN company.example.com using a Public Key Size greater than 512 bits. Instructions
The following are the prerequisites:
Complete the following procedures:
Create ROOT CA files: Private Key, Certificate Signing Request (CSR) and ROOT CA Certificate
ROOT CA Private Key
ROOT CA Certificate Signing Request (CSR)
ROOT CA Certificate
Create SERVER Files: Private Key, Certificate Signing Request (CSR) and Server Certificate
Server Private Key
Server Certificate Signing Request (CSR)
Server Certificate
Install the Server Certificate on the NetScalerHue Hd Com Support Generate Offline Keyboard
Export the ROOT CA file
ROOT CA certificate Installation on Web Interface server and the Client PC testing the connectionHue Hd Com Support Generate Offline Key Quests
Add the Certificates snap-in for the Local Computer account
Additional ResourcesHuehd.com Support Generate Offline Key Quests
WinSCP download: http://winscp.net/eng/download.php -->
PuTTY download: http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
For added assurance, when you use Azure Key Vault, you can import or generate keys in hardware security modules (HSMs) that never leave the HSM boundary. This scenario is often referred to as bring your own key, or BYOK. Azure Key Vault uses nCipher nShield family of HSMs (FIPS 140-2 Level 2 validated) to protect your keys.
This functionality is not available for Azure China 21Vianet.
Note
For more information about Azure Key Vault, see What is Azure Key Vault?
For a getting started tutorial, which includes creating a key vault for HSM-protected keys, see What is Azure Key Vault?. Supported HSMs
Transferring HSM-protected keys to Key Vault is supported via two different methods depending on the HSMs you use. Use the table below to determine which method should be used for your HSMs to generate, and then transfer your own HSM-protected keys to use with Azure Key Vault.
Next steps
Follow Key Vault Best Practices to ensure security, durability and monitoring for your keys.
Comments are closed.
|
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |