Exporting Certificates to Client Machines


Applies To: Service Bus for Windows Server 1.1, Service Bus for Windows Server 1.0

If you want remote clients to be able to connect to a Service Bus for Windows Server management endpoint or Service Bus for Windows Server gateway to configure an auto generated SSL certificate, export the auto generated SSL certificate authority (CA) and revocation list (CRL) to those clients. Use the following procedure:

  1. On the machine where the server is installed, open the Service Bus for Windows Server PowerShell console and use the Get-SBAutoGeneratedCA cmdlet to export the Certificate Authority and Revocation list. If you do not provide file names, this cmdlet will export the Certificate Authority to AutoGeneratedCA.cer, and revocation list to AutoGeneratedCA.crl files.

  2. Copy the files to the client machine.

  3. On the client machine open an MMC window, and add the Certificates snap-in, pick the Computer Account and Local Computer options when asked.

  4. In the MMC window, right click the Certificates\Trusted Root Certification Authorities, open All Tasks, and select Import. Select the AutoGeneratedCA.cer file and import it.

  5. In the MMC window, right click on the Intermediate Certification Authorities and import the CRL files. Select the AutoGeneratedCA.crl file and import it.

At this point you should be able to trust connections from that particular client. The CER format exports only the public key, not the private key.