MORE INFORMATION

How to create a certification authority on a computer that is running Microsoft Windows Server 2003

1. Click Start, click Run, type appwiz.cpl, and then click OK.
2. Click Add/Remove Windows Components.
3. Click Certificate Services. You receive the following message:

   After you install Certificate Services, the computer name and domain membership may not be changed due to the binding of the machine name to CA information stored in the Active Directory. Changing the machine name of domain membership would invalidate the certificates issued from the CA. Please ensure the proper machine name and domain membership are configured before installing Certificate Services. Do you want to continue?

4. If you are sure that the computer name and the domain membership do not have to be changed, click Yes, and then click Next.
5. Click Stand-alone root CA, and then click Next.
6. Enter the information in the Common name for this CA field and in the Validity period field, and then click Next.
7. Enter locations for the certificate database, the database log, and the configuration information, and then click Next.
   
   Alternatively, click Next to accept the default values.
8. Click Yes when you receive the following message:

   To complete the installation, Certificate Services must temporarily stop Internet Information Services. Do you want to stop the service now?

9. When you are prompted for the Windows Server 2003 installation files, provide a source for the files to complete the installation.
10. Click Finish.

How to use the certificates on the server that is running Data Bridge Server 2007

1. Download and then import a certification authority certificate to the Data Bridge Server 2007 server. To do this, follow these steps:
   1. In Internet Explorer, visit the following Web site:

      http://ComputerName/certserv

      Do this to connect to Active Directory Certificate Services on the computer on which you configured Certificate Services.
   2. Click Download a CA certificate, certificate chain or CRL.
   3. Open the certificate, and then click Install certificate.
   4. Click Next.
   5. Click Place all certificates in the following store, and then click Browse.
   6. Click Show physical stores, expand Trusted Root Certification Authorities, click Local Computer, and then click OK.
   7. Click Next, and then click Finish.
2. Request a certificate to export to the Data Bridge Server 2007 server. To do this, follow these steps:
   1. In Internet Explorer, visit the following Web site:

      http://ComputerName/certserv

      Do this to connect to Active Directory Certificate Services on the computer on which you configured Certificate Services.
   2. Click Request a certificate.
   3. Click advanced certificate request, and then create a request to this certification authority by clicking to select the following check boxes:
      • Mark keys as exportable
      • Enable strong private key protection
   4. Click Yes when you receive the following message:

      Do you want to request a certificate now?

   5. Click OK.
   6. On the Certificate Issued page, click Install this certificate.
   7. In Internet Explorer, click Internet Options on the Tools menu, and then click the Content tab.
   8. Under Certificates, click Certificates, locate and then click the certificate that you installed, and then click Export.
   9. In the Certificate Export Wizard, click Yes, export the private key, and then click Next.
   10. Create a name for the file. You may want to use the same name as the certificate name. The certificate name must match the member name that you will create later in Groove Management Server. Additionally, when you use the same name for the file, the file will be easier to associate with the correct certificate.
       
       Accept the defaults for other values.
   11. Click OK. The exported certificate appears on the desktop. To use the certificate, you must import it to the Data Bridge Server 2007 server. To do this, go to step 3.
3. Import the certificate to the Data Bridge Server 2007 server. To do this, follow these steps:
   1. Start Microsoft Management Console.
   2. On the File menu, click Add/Remove Snap-in.
   3. Click Add.
   4. In the Add Standalone Snap-ins dialog box, click Certificates, and then click Add.
   5. Click Computer account, and then click Next.
   6. Click Local Computer, and then click Finish.
   7. Click OK, and then click Close.
   8. From Console Root, expand Certificates (Local Computer), right-click Personal, point to All tasks, and then click Import.
   9. Click Next.
   10. Click Browse, locate and then click the certificate, and then click Open.
   11. Click Next.
   12. Click Place all certificates in the following store, click Browse, click Personal, and then click Next.
   13. Click Finish.
       
       Note After you have successfully exported and imported the certificate, you can remove the certificate. To do this, follow these steps:
       1. In Internet Explorer, click Internet Options on the Tools menu.
       2. Click the Content tab, and then click Certificates.
       3. Select the certificate that you want to remove, and then click Remove.
4. Create a managed Groove domain identity that can run Data Bridge Server 2007 as a service. To do this, follow these steps:
   1. In Internet Explorer, visit the following Web site:

      http://ServerName/gms

      Do this to connect to the Groove Management Server.
   2. Expand the Groove domain that will use the certificate.
   3. In the domain, click Members.
   4. On the Members tab, click Add Members.
   5. Click Add Single Member, and then click Next.
   6. In the Select Member Settings dialog box, click Next.
   7. In the Add Single Member dialog box, enter the required information, and then click Finish to create the member.
      
      Note You may want to use an administrative address for the e-mail address so that workspace managers can obtain a point of contact from the member properties.
      
      Data Bridge Server 2007 can now run as a service.