Communications between the FTK Self-Host Service and its browser-based end-user interface require the use of a certificate.
The certificate must meet the following requirements:
• The certificate format must follow the X.509 standard and be RFC 5280 compliant.
• The signature algorithm used for the certificate must be sha256RSA (SHA-256).
• The Private certificate must be provided in a password-protected .PFX format.
• The X509v3 KeyUsage section of the certificate must contain the Digital Signature and Key Encipherment attributes.
• The X509v3 ExtendedKeyUsages section of the certificate must contain the serverAuth attribute.
• The Subject Alternative Name (“SAN”) should include the FQDN of the host where the certificate will be used, as well as any aliases that might be necessary.
Note: Some implementations may require the purchase of a properly configured certificate from a commercial Certificate Authority.