Installing an Authenticate Certificate

Summary

This document details how to install a new Authenticate certificate.

Solution

The solution is split into two sections, for different versions of Authenticate. The first section applies to versions 1.10 and above. The second section applies to versions 1.06 and below.

Version 1.10 and above:

Open the Certificate Administration utility, either from the Authenticate Program Group in the Start Menu:

or by opening certinst.exe in the Authenticate installation directory.

If you are replacing an existing certificate, select it from the list and click “Remove”.

Then, to install a new certificate, click “Import” and then navigate to the certificate file (.pfx). When prompted, enter the password for the certificate and the appropriate certificate store (see the note below for more information on this).

Version 1.06 and below:

If you are replacing an existing certificate or already have Authenticate installed please follow all of the instructions below. If you don’t yet have a certificate installed, skip steps 2 and 3.

1) Open the command prompt and navigate to the Authenticate Pro Web install directory on your Authenticate server. 

2) Next run the following command to view if there are certificates already installed:

certinsn -b

The name of any certificates will be shown in the last line e.g.

C:\Program Files\QAS\Authenticate Pro Web 1.01>certinsn -b
No CERTSTORE specified, using default : User;IdentifierAuthenticate;Sys
Opening CURRENT_USER store MY
Opening SERVICES store - using "IdentifierAuthenticate" MY
Opening LOCAL_MACHINE store MY
Certificates in store
IdentifierAuthenticate U QAS063 Experian (UK) UAT Hosted

Certificate name is "U QAS063" in this example. If there is a certificate present (as in the above example) please move on to step 3, if not please move to step 4.

3) Please take note of the name and text immediately prior to the name (either User, IdentifierAuthenticate, Sys) as this indicates where your certificate is installed (certificate store).

Once you have found the name of your certificate please delete this using the following command:

certinsn -d -s:"Certificate name" –C:<certificate store>

An example of this command being used is shown below:

C:\Program Files\QAS\Authenticate Pro Web>certinsn -d -s:"U QAS063" -C:sys

Opening LOCAL_MACHINE store MY

Deleted U QAS063 (Experian (UK) UAT Hosted)

4) Finally add your new certificate by copying the appropriate certificate file from the zip folder into the Authenticate install directory and running the following command:

certinsn –F:“Full file path” –P:<password> –C:<certificate store>

This will add the new certificate to your Authenticate install. An example of this command being used is shown below.

C:\Program Files\QAS\Authenticate Pro Web>certinsn -F:"C:\Program Files\QAS\Authenticate Pro Web\qas063-b1s.pfx" -P:******* -C:sys

Opening LOCAL_MACHINE store MY

Opening LOCAL_MACHINE store Root

Installed certificates :

U QAS063

Please Note:

The password is sent out when you purchase Authenticate, if you do not have this password please contact Technical Support by email at support@qas.com or by phone on 0207 498 77 88.

The certificate store is the level at which your certificate is stored:

User (certificate is available to current user only)

IdentifierAuthenticate (certificate is available only to those who can access the Authenticate service)

Sys (certificate will be installed at system level for all users to access)