Bentley Communities
  • Site
  • User
  • Site
  • Search
  • User
  • Welcome
  • Products
  • Support
  • About
  • More
  • Cancel
elcoCAD | Promis.e
  • Product Communities
  • More
elcoCAD | Promis.e
elcoCAD | Promis.e Wiki Create a security certificate for password encryption
    • Sign in
    • +Electrical and Instrumentation - Wiki
    • +Bentley Raceway and Cable Management
    • +Bentley Substation
    • -Promis.e
      • +CONNECT Edition - Promis.e
      • V8i - Promis.e
      • About Promis.e
      • +Administration Features - Promis.e
      • +APIs_VBA - Promis.e
      • +Automation Features - Promis.e
      • +Component Features - Promis.e
      • +Component Management - Promis.e
      • +CONNECT Services - Promis.e
      • +Data Manager - Promis.e
      • +Database Platform Support - Promis.e
      • +Display - Promis.e
      • +Drawing Management - Promis.e
      • +Engineering Design Considerations - Promis.e
      • Error - Object reference...General
      • +Find_Replace - Promis.e
      • Finding the Tutorial
      • -Installation_Configuration - Promis.e
        • Alert - UI Fail to delete folder
        • Anatomy of the ect.fid file
        • Application Data (per-user configuration) - Promis.e
        • AutoCAD - Previews flicker or are blank
        • Cannot uninstall software
        • Catalog cache - promis.e
        • Clean Installation
        • +Compatibility Chart - Promis.e V8i
        • Create a security certificate for password encryption
        • Creating a deployment image for Silent Install
        • Data folder archive
        • Device.mdb - Promis.e
        • Diagnose a program crash using Event Viewer
        • Distribute custom Parts Database Manager layout
        • Distributing the Setup configuration
        • Error - .MDB file in use or locked by another user
        • Error - 1603, installation failed, fatal error
        • Error - Access to the path 'C:\Users\[user name]\AppData\Roaming\Bentley\promis-e V8i(M)' is denied.
        • Error - Can not find a valid AutoCAD, fail to start
        • Error - Can not find a valid MicroStation, fail to start
        • Error - Can't Install or Find AccessDatabaseEnginex64
        • Error - Fail to load plugin
        • Error - Not enough space on drive C:\ to extract this package
        • Error - Object reference, get_IsCommandProtectionOn
        • Error - Project file is corrupt
        • Error - Refresh catalog database error
        • Error - Root element is missing
        • Error - The Microsoft Jet database engine cannot find the input table or query 'Mode'.
        • Error - UI Fail to delete folder
        • Error - Unable to find Multi-Language_UI.mdb although it exists
        • Error at Startup - AutoLoad x64.scr Can't find file
        • Error at startup - Boolean Init
        • Error at startup - cannot find input table or query sym0
        • Error at startup - No value given / given key not present (Multi_Language_UI.mdb)
        • Error at Startup - Operation must use an updateable query
        • Error at startup - The given key was not present in the dictionary (Device.mdb)
        • Error at startup - The type initializer for ECT.ECAD.UI.ShapeManager threw an exception
        • Error at Startup - Unrecognized database format, Device.mdb
        • Error at startup - Void folder Explorer_ExplorerNodeChanged
        • Error Creating New Projects, "UpdateProjectOptionXmlToNewVersion"
        • Error on startup - Cannot modify the design of table BlkInfo
        • Error Opening Project Manager
        • Error-Data at the root level is invalid. Line 1,Position 1.
        • Evaluation version does not download
        • File Open dialog appears at startup
        • How to download the Promis.e software
        • Install promis.e on the network
        • Installing with no internet connection
        • Macro seed file folder - promis.e
        • +Network Installation Guide
        • No right-click menu appears
        • Program data folder - Promis.e
        • Program folder - Promis.e
        • Promis.e Paths
        • Promise Data folder
        • Random, distorted, or extra lines appear on every DGN file
        • Select Data Folder appears at startup
        • Specify a Setup Configuration at startup
        • Startup Error: Promis.e not responding
        • Updating and Upgrading Promis.e
        • Why should I upgrade Promis.e?
      • +Interoperability - Promis.e
      • +Licensing - Promis.e
      • +Maintenance Features - Promis.e
      • +Migration - Promis.e
      • +OS Support - Promis.e
      • +Panel Layout - Promis.e
      • +Performance - Promis.e
      • +PowerPlatform Support - Promis.e
      • +Print_Publish Features - Promis.e
      • +Project Management - Promis.e
      • +ProjectWise Integration - Promis.e
      • Promis.e Help file
      • +Reports_Output Features - Promis.e
      • +Template Management - Promis.e
      • +Text Tools - Promis.e
      • Training FAQs
      • +Wire Numbering - Promis.e
      • +Wiring Features - Promis.e

     
     Questions about this article, topic, or product? Click here. 

    Create a security certificate for password encryption

      Product(s): Promis.e, Bentley Substation
      Version(s): 08.11.13.xx
      Environment: N/A
      Area: Installation_Configuration
      Subarea: N/A

    Background

    Some organizations may set up a mechanism by which the setup.xml is distributed to all users in order to distribute a common setup configuration. Because each user’s machine will have a unique certificate installed by default, this mechanism will fail if passwords are stored in the file as is the case with SQL server authentication (as opposed to using Windows Authentication).

    In order for SQL server authentication to work, the same certificate must be installed on each user’s machine, and the Setup.xml must be directed to use that certificate. This article describes how to obtain a certificate that can be installed on all machines.

    Creating and distributing a security certificate is not necessary if using Windows Authentication on Setup or if the Setup.xml file is not going to be distributed.

    Steps to Accomplish

    Create the certificate

    Makecert.exe is Microsoft’s tool for creating certificates. It is available through the Windows SDK.

    To create a certificate that can be installed on multiple computers, follow this procedure:

    1. Run makecert.exe to create the certificate and private key file (at the prompt, enter a password for the private key or click None)

      MakeCert -r -n “CN=ExampleCertificate” -a sha256 -sky exchange -sr LocalMachine –sv ExampleCertificate.pvk ExampleCertificate.cer

    2. Run pvk2pfx.exe to create a .pfx file that can be imported into the certificate store. The .pfx file contains the certificate and private key.

      pvk2pfx -pvk ExampleCertificate.pvk -spc ExampleCertificate.cer -pfx ExampleCertificate.pfx

    Install the Certificate

    Install the .pfx file in the certificate store using the Microsoft Management Console plugin.

    1. Launch the Microsoft Management Console. Select Start > Run and enter mmc.exe.
    2. Select File > Add/Remove Snap-in
    3. Select Certificates from the available snap-ins and click the Add button.
    4. Select the Computer account option and click Next.
    5. Select the Local computer option and click Finish.
    6. Click OK on the Add or Remove Snap-ins dialog.
    7. On the Console dialog, expand Console Root > Trusted Root Certification Authorities > Certificates.
    8. Right-click Certificates and select All Tasks > Import.
    9. Click Next on the Certificate Import Wizard.
    10. Click Browse and select the .pfx file created in the previous procedure.
    11. Continue through the wizard to complete the import. Make sure the check box named “Mark this key as exportable. This will allow you to back up or transport your keys at a later time.” is not set. You don’t want users to be able to export the private key, and you already have the .pfx file.
    12. Back on the Console dialog with Console Root > Trusted Root Certification Authorities > Certificates highlighted, find the imported certificate. Right-click it and select Open.
    13. Select the Details tab on the resulting Certificate dialog.
    14. Select the Thumbprint field in the top pane.
    15. Select the contents of the bottom pane and press CTRL+C to copy it to the clipboard.

    Set Setup.xml to use the certificate

    1. Open Setup.xml in a text editor such as Notepad. Setup.xml is located in the following path:

      [ promis.e program data ]\Config\Setup.xml

      [ Substation program data ]\Config\Setup.xml

    2. Paste the Thumbprint value copied in the previous section over the Thumbprint value in the Setup.xml file. This value is highlighted below. The spaces in the pasted value can be removed, but this is not necessary.

      <Configuration using="ANSI-IEEE Default">
        <Log Enable="false" Prefix="@" Postfix="@" />
        <OEM Feature="0" />
        <Certificate thumbprint="D07B60E49E688709ED73D21D90A747519DBBBF5A" />
        <Config name="ANSI-IEEE Default">

    3. Save the Setup.xml file.
    4. Confirm that the configuration works by starting the software, opening the Setup dialog, using SQL server authentication, and clicking the Apply button. If the dialog says "Configuration saved" it is working.

    Distribute the certificate and Setup.xml

    1. Install the certificate on each workstation by copying the .pfx file to the workstation and following steps 1 - 11 of the Install the Certificate procedure above.
    2. Rename the Setup.xml file on the workstation to Original_Setup.xml.  Setup.xml is located in the following path:

      [ promis.e program data ]\Config\Setup.xml

      [ Substation program data ]\Config\Setup.xml

    3. Copy the Setup.xml file configured in the Set Setup.xml to use the certificate procedure above to the \Config folder of the workstation (where Original_Setup.xml resides).

    See Also

    Distributing the Setup configuration

    Network Installation Guide

      Original Author: daveg, Matt_P
    • promis.e
    • Bentley Substation
    • en
    • Installation_Configuration
    • Share
    • History
    • More
    • Cancel
    • Matt_P Created by Communities MVP Matt_P
    • When: Wed, May 11 2016 5:52 PM
    • Matt_P Last revision by Communities MVP Matt_P
    • When: Thu, Jan 18 2018 6:18 PM
    • Revisions: 2
    • Comments: 0
    Anonymous
    Recommended
    Related
    Communities
    • Home
    • Getting Started
    • Community Central
    • Products
    • Support
    • Secure File Upload
    • Feedback
    Support and Services
    • Home
    • Product Support
    • Downloads
    • User Management
    • Licensing Manager
    Training and Learning
    • Home
    • About Bentley Institute
    • My Learning History
    • Reference Books
    Social Media
    •    LinkedIn
    •    Facebook
    •    Twitter
    •    YouTube
    •    RSS Feed
    •    Email

    © 2019 Bentley Systems, Incorporated  |  Contact Us  |  Privacy |  Terms of Use  |  Cookies