EMCO Remote Shutdown server allows connection from both local and remote clients, including those from other Windows domains and those reachable through the Internet only. When connecting to the EMCO Remote Shutdown server using the windows credentials of the session run by the client, the integrated security is used for authentication and communication processes. In a cross-domain case, the client is authenticated to the server using the specified windows credentials, and the server is authenticated with the help of a domain identification certificate enabling communication over a secure socket layer of a TCP channel. This process can be configured on the Connection Options preference page Pic 1. This page is also used to enable the e-mail notifications on issues with the server, if required. To open the Server Configuration page, click the Preferences button in the Application Menu and press the corresponding link in the navigation bar on the left of the Preferences dialog within the Miscellaneous group.
If enabled, the server part of Remote Shutdown can send e-mail notification messages to the administrator in case of any issues with the server. If you are interested in such notifications, just check the corresponding checkbox and provide the administrator e-mail address to the Administrator E-mail field.
By default, the server uses a self-signed custom certificate issued to RemoteShutdownServer.exe, thus there is actually no identification of the server host. It is possible to accept this certificate when connecting to the server; however, it is strongly recommended to use a certificate that actually identifies the server. Such a certificate should be issued to the specific server host by a certification authority trusted in your organization.
For a digital certificate to be used by Remote Shutdown for authenticating the server, the following set of requirements must be met:
- The certificate must include the Server Authentication (220.127.116.11.18.104.22.168.1) within its Intended Purpose.
- The certificate's Valid From date must be earlier and the Valid To date must be later than the connection date.
- The digital certificate must be placed in the Local Computer certificates storage.
- The private key must be available together with the signing certificate in the certificates storage. In case you have a private key in a separate file, please use the tool provided by Microsoft for preparing a private & public key pair to be imported into the certificates storage as described here: Pvk2Pfx, Combine PVK + SPC to PFX.
To choose a certificate, you should use the Select Certificate button in the Certificate field. A dialog will be displayed showing you the server authentication certificates available on the PC hosting the service. You can review detailed information on each of the available certificates using the View Certificate button. The same button is also available in the Certificate field when a server authentication certificate is already selected. The Reset Certificate button in the Certificate field should be used to discard the selected certificate and use the default one.
To start using the selected certificate for securing communication, it is required to restart the server. The program will notify you of it and prompt for an immediate server restart.