Certificate Request Plugin Configuration
Last updated on September 9, 2021.
Document Status: Document Developer Quality Complete.
Introduction
The Certificate Request REST endpoint is a plugin that runs on the RPS Web API. The plugin serves as a Certificate Authority (CA) interface for RPS, but can operate independently of RPS.
Requirements
The following sections describe the requirements for configuring the Certificate Request plugin.
RPS Settings
RPS Settings are encrypted settings stored in %APPDATA%\Rps\RpsSettings.txt.
The settings can be configured using the Set-RpsStorageValue cmdlet and retrieved using the Get-RpsStorageValue cmdlet from the Rps-Api module.
The following settings are required for the RPS Web API host to run correctly:
Setting Name | Purpose |
---|---|
RpsWebApiThumbprint | Thumbprint of the certificate that will be used for RPS Web API host SSL binding. |
RpsWebApiUrl | The URL the RPS Web API host will listen on. For example: https://member.unit.domain:8080 |
RpsWebApi Files
Folder Name | Purpose |
---|---|
C:\Source\RpsWebApi | Contains the files required to run the RPS Web API host. |
C:\Source\RpsWebApi\Plugins\Rps.CertificateRequest.RpsPlugin | Contains the plugin required to run the Certificate Request REST endpoint. |
RpsWebApi Service
RpsWebApi should be configured as a service with the executable path set to: C:\Source\RpsWebApi\Rps.Web.Api.exe.
RpsWebApi Service Account
The Windows account running the RpsWebApi service needs the following:
- The Log on as a service User Rights Assignment.
- The certificate specified by thumbprint in the RpsWebApiThumbprint setting, installed in the Cert:\CurrentUser\My certificate store of the RpsWebApi service account.
- A registered Service Principal Name (SPN) in the domain. For example, from a Windows command prompt, the following setspn command registers the service account named RpsWebApiSvc for the HTTP service running on a server named member.unit.domain:
  setspn -S HTTP/member.unit.domain RpsWebApiSvc
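The following preflight check is an added example, not part of the RPS product or its documentation. It verifies the certificate and SPN requirements listed above before the service is started. The function name Test-RpsWebApiPrereq is hypothetical, and the two setting values are passed in as parameters because this page does not show the parameters of Get-RpsStorageValue. It assumes an English-language setspn and a session running as the RpsWebApi service account.

```powershell
# Added example (hypothetical helper, not an RPS cmdlet).
# Run in a session started as the RpsWebApi service account so that
# Cert:\CurrentUser\My refers to that account's certificate store.
function Test-RpsWebApiPrereq {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $Thumbprint,  # value of RpsWebApiThumbprint
        [Parameter(Mandatory)] [string] $Url          # value of RpsWebApiUrl
    )
    $findings = [System.Collections.Generic.List[string]]::new()

    $uri = $null
    if (-not [Uri]::TryCreate($Url, [UriKind]::Absolute, [ref] $uri) -or $uri.Scheme -ne 'https') {
        $findings.Add("RpsWebApiUrl '$Url' is not an absolute https URL.")
        $uri = $null
    }

    # Pasted thumbprints often carry spaces or hidden characters; keep hex digits only.
    $thumb = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    $cert = $null
    if ($thumb.Length -ne 40) {
        $findings.Add('RpsWebApiThumbprint is not a 40-character SHA-1 thumbprint.')
    } else {
        $cert = Get-Item -LiteralPath "Cert:\CurrentUser\My\$thumb" -ErrorAction SilentlyContinue
        if (-not $cert) { $findings.Add("Certificate $thumb not found in Cert:\CurrentUser\My for $env:USERNAME.") }
    }
    if ($cert) {
        if (-not $cert.HasPrivateKey) { $findings.Add('Certificate has no private key; it cannot be used for the SSL binding.') }
        $now = Get-Date
        if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
            $findings.Add("Certificate is outside its validity period ($($cert.NotBefore) to $($cert.NotAfter)).")
        }
        # DnsNameList is supplied by the PowerShell certificate provider.
        # Exact-name comparison only: a wildcard certificate needs a manual check.
        if ($uri -and ($cert.DnsNameList.Unicode -notcontains $uri.Host)) {
            $findings.Add("Certificate names do not include the URL host '$($uri.Host)'.")
        }
    }
    if ($uri) {
        # setspn -Q queries the domain for an SPN (assumes English output text).
        $spn = "HTTP/$($uri.Host)"
        $out = & setspn.exe -Q $spn 2>&1 | Out-String
        if ($out -notmatch 'Existing SPN found') { $findings.Add("SPN $spn is not registered in the domain.") }
    }
    $findings   # an empty result means every check passed
}

# Example call; replace the placeholder with the stored RpsWebApiThumbprint value.
# Test-RpsWebApiPrereq -Thumbprint '<RpsWebApiThumbprint>' -Url 'https://member.unit.domain:8080'
```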