91
Copyright © Acronis, Inc., 2000-2010
Self-signed certificates, such as certificates automatically generated during the installation of an
Acronis component.
Non-self-signed certificates, such as certificates issued by a third-party Certificate Authority
(CA)—for example, by a public CA such as VeriSign
®
or Thawte™—or by your organization's CA.
Certificate path
All Acronis components installed on a machine, when acting as a server application, use an SSL
certificate called the server certificate.
In Windows, the certificate path and the server certificate's file name are specified in the registry key
HKEY_LOCAL_MACHINE\SOFTWARE\Acronis\Encryption\Server
. The default path is
%SystemDrive%\Program Files\Common Files\Acronis\Agent.
To ensure reliability, the certificate is stored in Windows Certificate Store at the following location:
Certificates (Local Computer)\Acronis Trusted Certificates Cache.
For self-signed certificates, the certificate thumbprint (also known as fingerprint or hash) is used for
future host identification: if a client has previously connected to a server by using a self-signed
certificate and tries to establish connection again, the server checks whether the certificate's
thumbprint is the same as the one used before.
In case the list of certificates for the local machine is not displayed in the Certificates console, you
can use the following procedure.
To open the list of a machine's certificates
1.
Click Start, then click Run, and then type: mmc
2.
In the console, on the File menu, click Add/Remove Snap-in.
3.
In the Add/Remove Snap-in dialog box, click Add.
4.
In the Add Standalone Snap-in dialog box, double-click Certificates.
5.
Click Computer account, and then click Next.
6.
Click Local computer, and then click Finish.
Tip:
Alternatively, you can manage the list of certificates of a remote machine. To do this, click
Another
computer
and then type the remote machine's name.
7.
Click Close to close the Add Standalone Snap-in dialog box, and then click OK to close the
Add/Remove Snap-in dialog box.
Self-signed certificates
On machines running Windows, if the certificate location contains no server certificate, a self-signed
server certificate is automatically generated and installed during the installation of any Acronis
component except Acronis Backup & Recovery 10 Management Console.
If the machine is renamed after its self-signed certificate was generated, the certificate cannot be
used and you will need to generate a new one.
To generate a new self-signed certificate
1.
Log on as a member of the Administrators group.
2.
In the Start menu, click Run, and then type: cmd
3.
Run the following command (note quotation marks):
"%CommonProgramFiles%\Acronis\Utils\acroniscert" --reinstall