3.b. Generate client certificates from the server console

This approach allows an administrator to generate the required certificates on the server and to easily generate zip archives that can be "installed" on computers running E3.

Generating client certificates

1. Press the "Clients" button as shown above

2. Enter the username and password for the selected mandant

3. Press the green plus button next to each user to generate a client certificate

4. Download the Desktop / Web certificate zip archives for that particular user

The Desktop certificate zip archive contains the required files to ensure secure communication to the server, and this archive needs to be imported by using the Mandant editor on the E3 client machine, as show below, by pressing the Import Certificates button. Simply select the Desktop zip archive and the certificates will be automatically imported in the E3 system.

The Web certificate zip archive contains the following files:

1. root.pem - the root certificate public key that needs to be placed in the Trusted Root Certificate Authorities in order for the browser to accept the secure connection

2. MANDANT.USER.pfx - the actual certificate required for the secure connection by the browser. This certificate needs to be imported in the local certificates store. In order to import it you will require a password - this password is the username!

The next page will explain how to setup the E3 client and the browser to work with the Stunnel proxy.