This version of the Ed-Fi Dashboards is no longer supported. See the Ed-Fi Technology Version Index for a link to the latest version.

 


The Ed-Fi Dashboards require a secure network connection between client and server. Developers can create a self-signed certificate to work with the Ed-Fi Dashboards securely on a development machine. This documentation provides a step-by-step setup guide.

A summary of the steps is as follows:

The detail for each step is outlined below.

Step 1. Create a Certificate using the Visual Studio Command Prompt

Launch a Visual Studio command prompt (found at Start > Microsoft Visual Studio 2010 > Visual Studio Tools > Visual Studio Command Prompt), and issue the commands below.

Enter a password to protect the certificate. The command lines below assume a password of "p@ssw0rd"; substitute your own in the pvk2pfx command.

D:\Projects>makecert -r -n CN=STSTestCert -sv STSTestCert.pvk STSTestCert.cer
Succeeded

D:\Projects>cert2spc STSTestCert.cer STSTestCert.spc
Succeeded

D:\Projects>pvk2pfx -spc STSTestCert.spc -pvk STSTestCert.pvk -pfx STSTestCert.pfx -pi p@ssw0rd -po p@ssw0rd

Step 2. Import and Configure the Certificate

Once the .pfx file has been created:

  • Click on Start > Run..., and then type "mmc" and hit Enter.
  • Add the "Certificates" snap-in. When prompted, choose "Local Machine".
  • Expand Certificates > Personal.
  • Right click > All Tasks > Import... and select the *.pfx file that was created above.
  • Right click on the newly added certificate, select All Tasks > Manage Private Keys... > and add Read permissions for the IIS_IUSRS group.
  • Expand Trusted Root Certification Authorities and import the certificate here as well. No special permissions need to be applied.

 

This step is appropriate for development machines, but not for a production server. Trusting this certificate means that any certificate signed with it will also be trusted by the system, which represents a potential security vulnerability.

Step 3. Update the Web Project Configuration File

As a final step, you need to get the thumbprint of the newly created and imported certificate. Issue the following commands:

certmgr -s -r localMachine my > MyCerts.txt
notepad MyCerts.txt


You should see content that looks like the following:

==============Certificate # 1 ==========
Subject::
  [0,0] 2.5.4.3 (CN) STSTestCert
Issuer::
  [0,0] 2.5.4.3 (CN) STSTestCert
SerialNumber::
   55 42 B9 30 13 A7 26 A5 44 B9 BA 0A 55 ED C9 14
SHA1 Thumbprint:: 
      FAA98C88 4BF16333 76F23847 3BD12DCC 9C405975 
MD5 Thumbprint:: 
      02237355 382AC699 BAB8604E B1E45AE6 
Key MD5 Thumbprint:: 
      E6657045 ECB6DDF2 FEB1706D 4E0BD8CA 
Provider Type:: 1 Provider Name:: Microsoft Strong Cryptographic Provider Flags: 0x20 Container: {C79847BD-32C6-49BB-B859-41744501394E} KeySpec: 2
NotBefore:: 
  Sat Oct 27 23:54:26 2012
NotAfter:: 
  Sat Dec 31 18:59:59 2039


Update the STS web project's config file with the SHA1 Thumbprint value, as follows (removing spaces):

        <trustedIssuers>
          <add thumbprint="FAA98C884BF1633376F238473BD12DCC9C405975" name="https://localhost/EdFiDashboardDev_STS/" />
        </trustedIssuers>
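
As an added example (not part of the Ed-Fi documentation), the Python script below automates the manual copy step: it parses a MyCerts.txt-style dump, selects the certificate by subject CN, strips the spaces from the SHA1 thumbprint, and builds the trustedIssuers entry. The function names are hypothetical, and the second certificate in the sample dump is constructed.

```python
import re
from xml.sax.saxutils import quoteattr

# Certificate #1 is the record shown on this page (trimmed to the fields used);
# certificate #2 is constructed for this example.
SAMPLE_DUMP = """\
==============Certificate # 1 ==========
Subject::
  [0,0] 2.5.4.3 (CN) STSTestCert
Issuer::
  [0,0] 2.5.4.3 (CN) STSTestCert
SHA1 Thumbprint::
      FAA98C88 4BF16333 76F23847 3BD12DCC 9C405975
==============Certificate # 2 ==========
Subject::
  [0,0] 2.5.4.3 (CN) OtherDevCert
Issuer::
  [0,0] 2.5.4.3 (CN) ExampleDevCA
SHA1 Thumbprint::
      00112233 44556677 8899AABB CCDDEEFF 00112233
"""

def parse_dump(text):
    """Split `certmgr -s` output into one {field: value} dict per certificate."""
    certs, field = [], None
    for line in text.splitlines():
        if re.match(r"=+\s*Certificate\s*#", line):       # record separator
            certs.append({})
            field = None
        elif certs and line.strip():
            if not line[0].isspace() and "::" in line:    # "Field::" header line
                field, _, rest = line.partition("::")
                certs[-1][field] = rest.strip()
            elif field:                                   # indented value line
                certs[-1][field] = (certs[-1][field] + " " + line.strip()).strip()
    return certs

def common_name(name_field):
    """Extract the CN from a Subject/Issuer value, or None if it has no CN."""
    m = re.search(r"\(CN\)\s*(.+?)(?=\s*\[\d+,\d+\]|$)", name_field)
    return m.group(1) if m else None

def trusted_issuer_entry(dump, cn, issuer_name):
    """Build the <add .../> element for the one certificate whose subject CN is `cn`."""
    matches = [c for c in parse_dump(dump) if common_name(c.get("Subject", "")) == cn]
    if len(matches) != 1:                                 # refuse to guess between certs
        raise LookupError(f"expected exactly one certificate with CN={cn}, found {len(matches)}")
    thumbprint = re.sub(r"\s+", "", matches[0].get("SHA1 Thumbprint", "")).upper()
    if not re.fullmatch(r"[0-9A-F]{40}", thumbprint):     # SHA-1 = 20 bytes = 40 hex digits
        raise ValueError(f"unexpected thumbprint value: {thumbprint!r}")
    return f"<add thumbprint=\"{thumbprint}\" name={quoteattr(issuer_name)} />"

if __name__ == "__main__":
    print(trusted_issuer_entry(SAMPLE_DUMP, "STSTestCert", "https://localhost/EdFiDashboardDev_STS/"))
```

Failing when the store holds zero or several certificates with the same subject keeps a stale thumbprint from an earlier makecert run from ending up in the config file.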

 
