Self-signed certificates can provide adequate security on small intranets or in situations with limited users and controlled environments. For larger and more general-purpose use, you may want to consider purchasing a certificate so that Pleasant Password Server can be accessed by external users via a domain name (FQDN).
To ensure that the certificate works with the domain name you will be using, the Common Name of the certificate must match the entire domain name or contain a wildcard (if you are going to use a subdomain).
For instance, if you want to use passwords.yourdomain.com:10001 as your URL, then your certificate should be purchased as either passwords.yourdomain.com or *.yourdomain.com. A wildcard certificate (*) can be used on any subdomain.
For Password Server versions 4.1.1 or earlier, refer to these instructions for importing a third-party certificate.
To change the certificate that Password Server uses, run the Pleasant Service Configuration Utility that was packaged and installed with the server. By default, it can be accessed via the Start menu:
Programs -> Pleasant Password Server -> Service Configuration
To use your own certificate, follow these steps:
At any point, the certificate in use can be reverted to the default placeholder certificate by clicking the Clear button within the Certificate Configuration section of the Service Configuration Utility.
This setting will persist through future updates of Pleasant Password Server.
You will need to download the certificate from your certificate vendor in *.pfx format. This format contains both the public and private keys. The private key is essential as it is used by the server to create the secure connections.
There should be a list of folders on the left. The top folder should be Personal followed by Trusted Root Certification Authorities. These folders represent the various certificate stores for the local computer.
Search for the serviceCertificate section.
<serviceCertificate findValue="passwords.mydomain.com" x509FindType="FindBySubjectName" storeLocation="LocalMachine" storeName="My" />
Note: Accessing the Pleasant Password Server website from addresses other than the domain of the certificate (such as https://localhost:10001) will cause the web browser to display a certificate error. This is because browsers check that the domain name in the address bar matches the name on the certificate.
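To check what the serviceCertificate lookup shown above would resolve to on the server, the following PowerShell is an added example (not part of the original instructions or of Pleasant Password Server). It assumes the findValue from the sample configuration, passwords.mydomain.com, and a PowerShell session with read access to the LocalMachine\My store.

```powershell
# Added example: inspect the certificates that a FindBySubjectName lookup
# in LocalMachine\My would match. $FindValue is an assumption taken from the
# sample configuration; replace it with the findValue you actually use.
$FindValue = 'passwords.mydomain.com'

$store = New-Object System.Security.Cryptography.X509Certificates.X509Store('My', 'LocalMachine')
$store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]::ReadOnly)
try {
    # FindBySubjectName is a case-insensitive substring match on the subject,
    # so several certificates can satisfy the same findValue.
    # The last argument ($false) also returns expired or untrusted certificates.
    $found = $store.Certificates.Find(
        [System.Security.Cryptography.X509Certificates.X509FindType]::FindBySubjectName,
        $FindValue,
        $false)

    if ($found.Count -eq 0) {
        Write-Warning "No certificate in LocalMachine\My matches '$FindValue'."
    }
    elseif ($found.Count -gt 1) {
        Write-Warning "$($found.Count) certificates match '$FindValue'; the lookup is ambiguous."
    }

    $now = Get-Date
    foreach ($cert in $found) {
        # DNS name as recorded in the certificate (subject side, not issuer).
        $dnsName = $cert.GetNameInfo(
            [System.Security.Cryptography.X509Certificates.X509NameType]::DnsName,
            $false)

        [pscustomobject]@{
            Subject       = $cert.Subject
            DnsName       = $dnsName
            Thumbprint    = $cert.Thumbprint
            HasPrivateKey = $cert.HasPrivateKey   # must be True for the server to use it
            NotBefore     = $cert.NotBefore
            NotAfter      = $cert.NotAfter
            ValidNow      = ($cert.NotBefore -le $now -and $cert.NotAfter -ge $now)
        }
    }
}
finally {
    $store.Close()
}
```

A certificate that shows HasPrivateKey as False was imported without its private key and needs to be re-imported from the .pfx file.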