Search Results for

    Show / Hide Table of Contents

    Certificate Request Plugin Configuration

    Last updated on September 9, 2021.

    Document Status: Document Developer Quality Complete.

    Introduction

    The Certificate Request REST endpoint is a plugin that runs on the RPS Web API. The plugin serves as a Certificate Authority (CA) interface for RPS, but can operate independently of RPS.

    Requirements

    The following sections describe the requirements for configuring the Certificate Request plugin.

    RPS Settings

    RPS Settings are encrypted settings stored in %APPDATA%\Rps\RpsSettings.txt. The settings can be configured using Set-RpsStorageValue cmdlet and retrieved using Get-RpsStorageValue from the Rps-Api module. The following settings are required for the RPS Web API host to run correctly:

    Setting Name Purpose
    RpsWebApiThumbprint Thumbprint of the certificate that will be used for RPS Web API host SSL binding.
    RpsWebApiUrl The URL the RPS Web API host will listen on. For example: https://member.unit.domain:8080

    RpsWebApi Files

    Folder Name Purpose
    C:\Source\RpsWebApi Contains the files required to run the RPS Web API host.
    C:\Source\RpsWebApi\Plugins\Rps.CertificateRequest.RpsPlugin Contains the plugin required to run the Certificate Request REST endpoint.

    RpsWebApi Service

    RpsWebApi should be configured as a service with the executable path set to: C:\Source\RpsWebApi\Rps.Web.Api.exe.

    RpsWebApi Service Account

    The Windows account running the RpsWebApi service needs the following:

    • Granted the Log on as a service User Rights Assignment.
    • The certificate specified by thumbprint in the RpsWebApiThumbprint setting, will need to be installed in the Cert:\CurrentUser\My certificate store of the RpsWebApi service account.
    • Registered Service Principal Name (SPN) in the domain. For example, from a Windows command prompt using the setspn command, the following code snippet would register the service account named RpsWebApiSvc for HTTP service running on a server named member.unit.domain:

      setspn -S HTTP/member.unit.domain RpsWebApiSvc
      
    In This Article
    Back to top Generated by DocFX