To authorize a client machine to view encrypted data, you must request an encryption
certificate from the client machine. You then install the certificate with the private key
locally, and transfer the
certificate
with the public key to the Archiver responsible for encryption.
Before you begin
There are many ways to request and manage
digital certificates. Before you proceed, consult your IT department about your
company's policies and standard procedures.
What you should know
The encryption certificate contains a pair of public and private keys. The public key
is used by the Archiver to encrypt the private data for a specific client machine. The private
key is used by the client machine to decrypt the private data.BEST PRACTICE: The
private key should never leave the machine on which it is needed.
To request and install an encryption certificate on a client
machine:
-
Log on as a local administrator of the client machine.
-
Add the Certificates snap-in to your local computer
account.
Installing the certificates in the local computer store gives you more control over
the management of private keys.
-
Follow your company's procedure for requesting and installing the certificate.
-
If the client is supposed to have access to encrypted data for a limited time, set the
certificate's expiry date accordingly.
-
If you do not plan to run Config
Tool
from this computer, export the certificate with only the public key to a
certificate (.cer) file.
Save the certificate file to a location that can be accessed from the workstation from
which you plan to run Config
Tool.
