Connection Options Page
EMCO Remote Shutdown Enterprise server allows connection from both local and remote clients, including those from other Windows domains and those reachable through the Internet only. When connecting to the EMCO Remote Shutdown Enterprise server using the windows credentials of the session run by the client, the integrated security is used for authentication and communication processes. In a cross-domain case, the client is authenticated to the server using the specified windows credentials, and the server is authenticated with the help of a domain identification certificate enabling communication over a secure socket layer of a TCP channel. This process can be configured on the Connection Options preference page Pic 1. To open the Connection Options page, click the Preferences button in the Application Menu and press the corresponding link in the navigation bar on the left of the Preferences dialog within the Miscellaneous group.
By default, the server uses a self-signed custom certificate issued to RemoteShutdownEnterpriseServer.exe, thus there is actually no identification of the server host. It is possible to accept this certificate when connecting to the server; however, it is strongly recommended to use a certificate that actually identifies the server. Such a certificate should be issued to the specific server host by a certification authority trusted in your organization.
For a digital certificate to be used by Remote Shutdown for authenticating the server, the following set of requirements must be met:
- The certificate must include the Server Authentication (18.104.22.168.22.214.171.124.1) within its Intended Purpose.
- The certificate's Valid From date must be earlier and the Valid To date must be later than the connection date.
- The digital certificate must be placed in the Local Computer certificates storage.
- The private key must be available together with the signing certificate in the certificates storage. In case you have a private key in a separate file, please use the tool provided by Microsoft for preparing a private & public key pair to be imported into the certificates storage as described here: Pvk2Pfx, Combine PVK + SPC to PFX.
To choose a certificate, you should use the Select Certificate button in the Certificate field. A dialog will be displayed showing you the server authentication certificates available on the PC hosting the service. You can review detailed information on each of the available certificates using the View Certificate button. The same button is also available in the Certificate field when a server authentication certificate is already selected. The Reset Certificate button in the Certificate field should be used to discard the selected certificate and use the default one.
To start using the selected certificate for securing communication, it is required to restart the server. The program will notify you of it and prompt for an immediate server restart.