Skip to main content
Skip table of contents

Installing a Custom Signing Certificate

Once the Records Management STS is created, an X.509 certificate is registered in IIS that is responsible for signing issued tokens, which ultimately ensures that Claims-Based Security is secure.

Because the out-of-the-box signing certificate that is used is common to all installations of Records Management, you should deploy your own certificate specific to your environment by performing the following steps on each of the Web Servers that will be hosting the Manager Web.

  1. Obtain an X.509 certificate for token signing.

There are several ways to obtain a X.509 certificate for token signing.

  1. Once you have generated a certificate, open IIS and select Certificates.

  2. Select your newly generated certificate and choose Export from the Actions Pane.

  3. On each server hosting the Manager Web, open IIS and select Certificates.

  4. Select Import from the Actions Pane and choose the certificate that you previously exported.

  5. On each server hosting the Manager Web, execute the following PowerShell command:

    Set-RecordsManagerStsWeb -SiteName "Records Management STS" –SigningCertificateSubjectName CN=<YourSubjectName>
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.