Setup certificate encryption

1. Generate Certificates

First, a certificate pair must be generated in the "Certificates" tab of the save options in IBI-helpMe Admin.

2. Export client certificates

The just generated certificate pair must now be exported via the "Export client certificates" option.

3. Distribute certificates

In order for the IBI-helpMe clients to be able to read the configuration file that is later encrypted with the certificate pair, this certificate pair is required for decryption. For this purpose, the certificate pair must be made available to all clients.

Replace certificate

If a certificate pair is to be exchanged, both the new and the old certificate pair must be distributed until the new certificate pair is activated (in a later step).

The following options are available for this purpose

Certificate store (recommended)
The exported client certificates can be imported into the certificate store of any computer.

File
Alternatively, the certificate pair can be provided directly via the exported client certificate file.

Further details on the configuration of the two variants can be found at CertificateSource.

4. Wait until the certificate is available everywhere

The certificate pair cannot be used until it is available everywhere.

Please check with the appropriate people for the current distribution status.

5. Extend IBI-helpMe client call

If the client certificates were distributed as a file or not via the computer's certificate store [LocalMachine]\My, the IBI-helpMe Client call must be extended via the CertificateSource start parameter.

6. Wait until the adjusted IBI-helpMe call has been executed everywhere

This step is only necessary if the IBI-helpMe Client call was adjusted in the previous step.

Make sure that all IBI-helpMe Clients were/are started with the extended start parameter, e.g. by adjusting the corresponding start script.

Continue only when is ensured.

7. Activate certificates

If the client certificates are available everywhere and, if necessary, the IBI-helpMe Client call has been adjusted, the certificate pair can be marked as "active" in the IBI-helpMe Admin.

8. Save configuration file

Finally, the configuration file should be save so that it is written encrypted.

9. Enable only encrypted data in IBI-helpMe client (optional)

Perform this step only when you are sure that all IBI-helpMe Clients use encryption.

By specifying the start parameter AcceptEncryptedDataOnly you can prevent the IBI-helpMe Client from continuing to process unencrypted configuration files and thus increase the protection against unauthorized manipulation.