Bentley Communities
Bentley Communities
  • Site
  • User
  • Site
  • Search
  • User
  • Welcome
  • Products
  • Support
  • About
  • More
  • Cancel
OpenUtilities
  • Product Communities
  • More
OpenUtilities
OpenUtilities Wiki Create a security certificate for password encryption
    • Sign in
    • +OpenUtilities
    • +Bentley sisHYD Multi Utility
    • Design Features - promis.e Functionality - Promis.e Standard
    • +OpenUtilities Substation
    • Promis.e Paths
    • -Promis.e Wiki
      • +CONNECT Edition - Promis.e
      • About Promis.e
      • +Administration Features - Promis.e
      • +APIs_VBA - Promis.e
      • +Automation Features - Promis.e
      • +Component Features - Promis.e
      • +Component Management - Promis.e
      • +CONNECT Services - Promis.e
      • +Data Manager - Promis.e
      • +Database Platform Support - Promis.e
      • +Display - Promis.e
      • +Drawing Management - Promis.e
      • +Engineering Design Considerations - Promis.e
      • Error - Object reference...General
      • +Find_Replace - Promis.e
      • Finding the Tutorial
      • -Installation_Configuration - Promis.e
        • Alert - UI Fail to delete folder
        • Anatomy of the ect.fid file
        • Application Data (per-user configuration) - Promis.e
        • AutoCAD - Previews flicker or are blank
        • Cannot uninstall software
        • Catalog cache - promis.e
        • Clean Installation
        • +Compatibility Chart - Promis.e V8i
        • Create a security certificate for password encryption
        • Creating a deployment image for Silent Install
        • Device.mdb - Promis.e
        • Distribute custom Parts Database Manager layout
        • Distributing the Setup configuration
        • Error - .MDB file in use or locked by another user
        • Error - 1603, installation failed, fatal error
        • Error - Access to the path 'C:\Users\[user name]\AppData\Roaming\Bentley\promis-e V8i(M)' is denied.
        • Error - Can not find a valid AutoCAD, fail to start
        • Error - Can not find a valid MicroStation, fail to start
        • Error - Can't Install or Find AccessDatabaseEnginex64
        • Error - Fail to load plugin
        • Error - Not enough space on drive C:\ to extract this package
        • Error - Object reference, get_IsCommandProtectionOn
        • Error - Project file is corrupt
        • Error - Refresh catalog database error
        • Error - Root element is missing
        • Error - The Microsoft Jet database engine cannot find the input table or query 'Mode'.
        • Error - UI Fail to delete folder
        • Error - Unable to find Multi-Language_UI.mdb although it exists
        • Error at Startup - AutoLoad x64.scr Can't find file
        • Error at startup - The given key was not present in the dictionary (Device.mdb)
        • Error at startup - The type initializer for ECT.ECAD.UI.ShapeManager threw an exception
        • Error at Startup - Unrecognized database format, Device.mdb
        • Error at startup - Void folder Explorer_ExplorerNodeChanged
        • Error Creating New Projects, "UpdateProjectOptionXmlToNewVersion"
        • Error on startup - Cannot modify the design of table BlkInfo
        • Error Opening Project Manager
        • File Open dialog appears at startup
        • How to download the Promis.e software
        • Macro seed file folder - promis.e
        • +Network Installation Guide
        • Program data folder - Promis.e
        • Program folder - Promis.e
        • Promise Data folder
        • Random, distorted, or extra lines appear on every DGN file
        • Select Data Folder appears at startup
        • Specify a Setup Configuration at startup
        • Startup Error: Promis.e not responding
        • Updating and Upgrading Promis.e
        • Why should I upgrade Promis.e?
      • +Interoperability - Promis.e
      • +Licensing - Promis.e
      • +Maintenance Features - Promis.e
      • +Migration - Promis.e
      • +OS Support - Promis.e
      • +Panel Layout - Promis.e
      • +Performance - Promis.e
      • +PowerPlatform Support - Promis.e
      • +Print_Publish Features - Promis.e
      • +ProjectWise Integration - Promis.e
      • Promis.e Help file
      • +Reports_Output Features - Promis.e
      • +Template Management - Promis.e
      • +Text Tools - Promis.e
      • Training FAQs
      • +Wire Numbering - Promis.e
      • +Wiring Features - Promis.e
      • +Project Management - Promis.e
      • Promis.e Title
      • Working from home with Promise.e
    • Replace Family - Find_Replace - Promis.e
    • SQL Server Login

     
     Questions about this article, topic, or product? Click here. 

    Create a security certificate for password encryption

      Product(s): Promis.e, Bentley Substation
      Version(s): 08.11.13.xx
      Environment: N/A
      Area: Installation_Configuration
      Subarea: N/A

    Background

    Some organizations may set up a mechanism by which the setup.xml is distributed to all users in order to distribute a common setup configuration. Because each user’s machine will have a unique certificate installed by default, this mechanism will fail if passwords are stored in the file as is the case with SQL server authentication (as opposed to using Windows Authentication).

    In order for SQL server authentication to work, the same certificate must be installed on each user’s machine, and the Setup.xml must be directed to use that certificate. This article describes how to obtain a certificate that can be installed on all machines.

    Creating and distributing a security certificate is not necessary if using Windows Authentication on Setup or if the Setup.xml file is not going to be distributed.

    Steps to Accomplish

    Create the certificate

    Makecert.exe is Microsoft’s tool for creating certificates. It is available through the Windows SDK.

    To create a certificate that can be installed on multiple computers, follow this procedure:

    1. Run makecert.exe to create the certificate and private key file (at the prompt, enter a password for the private key or click None)

      MakeCert -r -n “CN=ExampleCertificate” -a sha256 -sky exchange -sr LocalMachine –sv ExampleCertificate.pvk ExampleCertificate.cer

    2. Run pvk2pfx.exe to create a .pfx file that can be imported into the certificate store. The .pfx file contains the certificate and private key.

      pvk2pfx -pvk ExampleCertificate.pvk -spc ExampleCertificate.cer -pfx ExampleCertificate.pfx

    Install the Certificate

    Install the .pfx file in the certificate store using the Microsoft Management Console plugin.

    1. Launch the Microsoft Management Console. Select Start > Run and enter mmc.exe.
    2. Select File > Add/Remove Snap-in
    3. Select Certificates from the available snap-ins and click the Add button.
    4. Select the Computer account option and click Next.
    5. Select the Local computer option and click Finish.
    6. Click OK on the Add or Remove Snap-ins dialog.
    7. On the Console dialog, expand Console Root > Trusted Root Certification Authorities > Certificates.
    8. Right-click Certificates and select All Tasks > Import.
    9. Click Next on the Certificate Import Wizard.
    10. Click Browse and select the .pfx file created in the previous procedure.
    11. Continue through the wizard to complete the import. Make sure the check box named “Mark this key as exportable. This will allow you to back up or transport your keys at a later time.” is not set. You don’t want users to be able to export the private key, and you already have the .pfx file.
    12. Back on the Console dialog with Console Root > Trusted Root Certification Authorities > Certificates highlighted, find the imported certificate. Right-click it and select Open.
    13. Select the Details tab on the resulting Certificate dialog.
    14. Select the Thumbprint field in the top pane.
    15. Select the contents of the bottom pane and press CTRL+C to copy it to the clipboard.

    Set Setup.xml to use the certificate

    1. Open Setup.xml in a text editor such as Notepad. Setup.xml is located in the following path:

      [ promis.e program data ]\Config\Setup.xml

      [ Substation program data ]\Config\Setup.xml

    2. Paste the Thumbprint value copied in the previous section over the Thumbprint value in the Setup.xml file. This value is highlighted below. The spaces in the pasted value can be removed, but this is not necessary.

      <Configuration using="ANSI-IEEE Default">
        <Log Enable="false" Prefix="@" Postfix="@" />
        <OEM Feature="0" />
        <Certificate thumbprint="D07B60E49E688709ED73D21D90A747519DBBBF5A" />
        <Config name="ANSI-IEEE Default">

    3. Save the Setup.xml file.
    4. Confirm that the configuration works by starting the software, opening the Setup dialog, using SQL server authentication, and clicking the Apply button. If the dialog says "Configuration saved" it is working.

    Distribute the certificate and Setup.xml

    1. Install the certificate on each workstation by copying the .pfx file to the workstation and following steps 1 - 11 of the Install the Certificate procedure above.
    2. Rename the Setup.xml file on the workstation to Original_Setup.xml.  Setup.xml is located in the following path:

      [ promis.e program data ]\Config\Setup.xml

      [ Substation program data ]\Config\Setup.xml

    3. Copy the Setup.xml file configured in the Set Setup.xml to use the certificate procedure above to the \Config folder of the workstation (where Original_Setup.xml resides).

    See Also

    Distributing the Setup configuration

    Network Installation Guide

      Original Author: daveg, Matt_P
    • promis.e
    • Bentley Substation
    • en
    • Installation_Configuration
    • Share
    • History
    • More
    • Cancel
    • Matt_P Created by Communities MVP Matt_P
    • When: Wed, May 11 2016 5:52 PM
    • Satish Saptasagar Last revision by Bentley Colleague Satish Saptasagar
    • When: Wed, Apr 15 2020 1:13 PM
    • Revisions: 3
    • Comments: 0
    Recommended
    Related
    Communities
    • Home
    • Getting Started
    • Community Central
    • Products
    • Support
    • Secure File Upload
    • Feedback
    Support and Services
    • Home
    • Product Support
    • Downloads
    • Subscription Services Portal
    Training and Learning
    • Home
    • About Bentley Institute
    • My Learning History
    • Reference Books
    Social Media
    •    LinkedIn
    •    Facebook
    •    Twitter
    •    YouTube
    •    RSS Feed
    •    Email

    © 2021 Bentley Systems, Incorporated  |  Contact Us  |  Privacy |  Terms of Use  |  Cookies