1. Background
In order for the On-Premise Active Directory server to synchronize user and password information with the HENNGE Access Control cloud service, a Root Certificate is required to be installed into the server. This manual instructs you on the installation of Root Certificate.
2. Precautions
In order for HENNGE Directory Sync Tool to be installed, Admin permissions of the Active Directory server are required.
3. Procedures
For the server that has the HENNGE Directory Sync Tool installed, both [ AddTrust External CA Root ] and [ Amazon Root CA 1 ] certificates are required to be installed.
Please follow the [ Prerequisite ] manual first, then follow the manual according to the version of the server that the HENNGE Directory Sync Tool is installed.
This server certificate is used very commonly, and there are no issues or security reports related to this certificate.
The server will not require any downtime on the server machine. (There will not be any restart of the server required.)
Prerequisite: Download the Certificate+
※ Please operate the procedures in this manual in your local client.
Step 1. Access the following URL, and download the [ AddTrust External CA Root ] certificate.
AddTrust External CA Root.cer
Step 2. Access the Amazon Trust Services Repository Web Page.
Open the Browser and access the URL below.
https://www.amazontrust.com/repository/
Step 3. Download the Amazon Root CA 1 Server Certificate.
Download the certificate [ Amazon Root CA 1 ] under the [ Root CAs ] certificates, and download the version DER onto your server.
Download the AmazonRootCA1.cer certificate.
※ The following screenshot is an example of using the "Internet Explorer" Browser to download the certificate, the actual screen may differ according to your environment.
Certificate Installation Procedure (Windows Server 2008 R2)+
Step 1. Login to the server with an Admin account.
Step 2. Click on [ Start ] menu and input [ mmc ], look for the [ mmc.exe ] in the search results, and click on it.
Step 3. Click on the [ File ] on the top menu of the MMC Window.
Step 4. Click on the [ Add/Remove Snap-in... ].
Step 5. Look for [Certificates] in the [ Add or Remove Snap-ins ].
Step 6. Click on [ Add > ].
Step 7. Click on [ Computer account ], and click on [ Next > ].
Step 8. Click on [ Local Computer ], and click on [ Finish ].
Step 9. Ensure that the [ Certificates (Local Computer) ] is already added, and click on [ OK ].
Step 10. In the [ Console Root ], look for [ Certificates (Local Computer) ] and click on it.
Step 11. Double click on [ Trusted Root Certification Authorities ].
Step 12. Click on [ Certificates ].
Step 13. Check to see if both certificates [ AddTrust External CA Root ] and [ Amazon Root CA 1 ] are found under the certificates console.
If both [ AddTrust External CA Root ] and [ Amazon Root CA 1 ] certificates are found, the operation is completed.
You can now close the Microsoft Management Console Window and the operation has been completed.
If either [ AddTrust External CA Root ] or [ Amazon Root CA 1 ] are not found, please follow the following steps.
Step 14. Please prepare the two certificates mentioned in the previous steps mentioned in the [ Prerequisites ] operation.
Step 15. Double click on the certificate to be installed and click on the [ Install Certificate ].
Step 16. Click on [ Next > ].
Step 17. Select the [ Automatically select the certificate store based on the type of certificate ], and click on [ Next ].
Step 18. Click on [ Finish ].
Step 19. Wait for the [ The Import was successful ] message, and click on [ OK ].
Step 20. Perform the procedures described from 15 to 19 for the other certificate.
Step 21. Perform procedures Step 2 to 13 again to check if both [ AddTrust External CA Root ] and [ Amazon Root CA 1 ] are both present.
The procedure has been finished for certificate installation.
Please close the Microsoft Management Console Window and complete the operation.
Certificate Installation Procedure (Windows Server 2012 / Windows Server 2012 R2)+
Step 1. Login to the server with an Admin account.
Step 2. Click on [ Start ] menu and input [ mmc ], look for the [ mmc.exe ] in the search results and click on it.
Step 3. Click on the [ File ] on the top menu of the MMC Window
Step 4. Click on the [ Add/Remove Snap-in... ].
Step 5. Look for [Certificates] in the [ Add or Remove Snap-ins ].
Step 6. Click on [ Add > ].
Step 7. Click on [ Computer account ], and click on [ Next > ].
Step 8. Click on [ Local Computer ], and click on [ Finish ].
Step 9. Ensure that the [ Certificates (Local Computer) ] is already added, and click on [ OK ].
Step 10. In the [ Console Root ], look for [ Certificates (Local Computer) ] and click on it.
Step 11. Double click on [ Trusted Root Certification Authorities ].
Step 12. Click on [ Certificates ].
Step 13. Check to see if both certificates [ AddTrust External CA Root ] and [ Amazon Root CA 1 ] are found under the certificates console.
If both [ AddTrust External CA Root ] and [ Amazon Root CA 1 ] certificates are found, the operation is completed.
You can now close the Microsoft Management Console Window and the operation has been completed.
If either [ AddTrust External CA Root ] or [ Amazon Root CA 1 ] are not found, please follow the following steps.
Step 14. Please prepare the two certificates mentioned in the previous steps mentioned in the [ Prerequisites ] operation.
Step 15. Double click on the certificate to be installed and click on the [ Install Certificate ].
Step 16. Click on [Local Machine], and click on [ Next > ].
Step 17. Select the [ Automatically select the certificate store based on the type of certificate ], and click on [ Next ].
Step 18. Click on [ Finish ].
Step 19. Wait for the [ The Import was successful ] message, and click on [ OK ].
Step 20. Perform the procedures described from 15 to 19 for the other certificate.
Step 21. Perform procedures Step 2 to 13 again to check if both [ AddTrust External CA Root ] and [ Amazon Root CA 1 ] are both present.
The procedure has been finished for certificate installation.
Please close the Microsoft Management Console Window and complete the operation.
Certificate Installation Procedure (Windows Server 2016)+
Step 1. Login to the server with an Admin account.
Step 2. Click on [ Start ] menu and input [ mmc ], look for the [ mmc.exe ] in the search results and click on it.
Step 3. Click on the [ File ] on the top menu of the MMC Window
Step 4. Click on the [ Add/Remove Snap-in... ].
Step 5. Look for [Certificates] in the [ Add or Remove Snap-ins ].
Step 6. Click on [ Add > ].
Step 7. Click on [ Computer account ], and click on [ Next > ].
Step 8. Click on [ Local Computer ], and click on [ Finish ].
Step 9. Ensure that the [ Certificates (Local Computer) ] is already added, and click on [ OK ].
Step 10. In the [ Console Root ], look for [ Certificates (Local Computer) ] and click on it.
Step 11. Double click on [ Trusted Root Certification Authorities ].
Step 12. Click on [ Certificates ].
Step 13. Check to see if both certificates [ AddTrust External CA Root ] and [ Amazon Root CA 1 ] are found under the certificates console.
If both [ AddTrust External CA Root ] and [ Amazon Root CA 1 ] certificates are found, the operation is completed.
You can now close the Microsoft Management Console Window and the operation has been completed.
If either [ AddTrust External CA Root ] or [ Amazon Root CA 1 ] are not found, please follow the following steps.
Step 14. Please prepare the two certificates mentioned in the previous steps mentioned in the [ Prerequisites ] operation.
Step 15. Double click on the certificate to be installed and click on the [ Install Certificate ].
Step 16. Click on [Local Machine], and click on [ Next > ].
Step 17. Select the [ Automatically select the certificate store based on the type of certificate ], and click on [ Next ].
Step 18. Click on [ Finish ].
Step 19. Wait for the [ The Import was successful ] message, and click on [ OK ].
Step 20. Perform the procedures described from 15 to 19 for the other certificate.
Step 21. Perform procedures Step 2 to 13 again to check if both [ AddTrust External CA Root ] and [ Amazon Root CA 1 ] are both present.
The procedure has been finished for certificate installation.
Please close the Microsoft Management Console Window and complete the operation.