Website and Web Application Certificate Stores

Depending on the type of certificate used for website or web application, you must install the certificates in the appropriate Windows Certificate store of a system where you are launching the Windows App Client. It can also depend on the fact that the web application can contain a different certificate from that of its parent website.

You can use the Windows Certificate store described in the following table to the SMC-created as well as commercial certificates.

Certificate Used for

Certificate Type

Install in the Windows Certificate Store

Remarks

Website

Self-signed

Trusted Root Certification Authorities (TRCA)

You must import the self signed certificate in the Trusted Root Certification Authorities (TRCA) Windows Certificate store.

Host

 

The host certificate is installed in Trusted Root Certification Authorities (TRCA). However, to work with Windows App clients, you must ensure the following:

  • If the host certificate was created with SMC, you must import the root certificate of the host certificate in the Trusted Root Certification Authorities Windows Certificate store.
  • If the certificate is a commercial certificate, then the Root Certification Authority and the Intermediate Certification Authority certificates are usually already available in the corresponding Windows Certificate stores.

Web Application

Self-signed

Trusted Root Certification Authorities (TRCA)
and
Trusted Publisher (TP)

  • If the web application contains a different self-signed certificate than that of the parent website, then that parent website’s self-signed certificate must be added in the Trusted Root Certification Authorities (TRCA) store of the Windows Certificate store on the system where you launch Windows App Clients.

Host

Trusted Publisher (TP)

  • The root certificate of the web application host certificate must be added in the Trusted Root Certification Authorities (TRCA) of the Windows Certificate Store.
  • If the web application contains a a different host certificate than that of the parent website, then its root certificate must be added in the Trusted Root Certification Authorities store of the Windows Certificate store on the system where you launch Windows App Clients.
NOTICE

Validity of Self-Signed Cerificates

Self-signed certificates allow local deployments without the overhead of obtaining commercial certificates. When using self-signed certificates, the owner of the Desigo CC system is responsible for maintaining their validity status, and for manually adding them to and removing them from the list of trusted certificates.

Self-signed certificates must only be used in accordance with local IT regulations (several CIO organizations do not allow them, and network scans will identify them). Importing the commercial certificates follows the same procedures.

You must ensure the compliant installation of the trusted material on the involved machines, for example, on all Installed Clients. In some organizations, this must be done by the IT organization.