When you deploy your custom solution, we recommend that the HTTPS protocol be used in order to improve the security of your data and privacy of your users. By default, HTTPS will allow only the client to authenticate the server; however, mutual certificate authentication will allow both the client to authenticate the server and the server to authenticate the client. If HTTPS is used, you will need to take the following certificate considerations into account:
- The Front End Server or Standard Edition server running the QoE
Agent must trust the root CA that issued the certificate that is
used by the Web server.
- The subject name of the server certificate must match the FQDN
of the report consumer URL that is configured in the
ConsumerURL property in WMI. For details, see
WMI Reference for QoE Solutions.
- If you want to use mutual certificate authentication, a client
certificate must be configured on the Front End Server or Standard
Edition server running the QoE Agent. For the client certificate,
you must ensure the following:
  - The certificate is stored in the local computer store so that
    the QoE Monitoring Server can locate the certificate.
  - The certificate has the enhanced key usage (EKU) extension for
    client authentication.
  - The metric report consumer server is configured to trust the
    root certification authority (CA) that issued the client
    certificate. The root CA needs to be stored in the "Trusted Root
    Certification Authorities" folder under the local computer store.
  - Appropriate permissions are granted to the
    RTCComponentUniversalServices domain group for the certificate to
    be read.
  - The certificate is configured in Microsoft Windows® Management
    Instrumentation (WMI) on the Front End Server or Standard Edition
    server running the QoE Agent. For details, see
    WMI Reference for QoE Solutions.
Note: On a heterogeneous Windows environment that uses Windows Certificate Services, trust is usually implicit, but it may require some extra configuration if a non-Windows Web server is used for the metric report consumer.
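
Several of the requirements listed above can be checked from the Front End Server or Standard Edition server before the QoE Agent is pointed at the consumer. The following PowerShell is an added example, not part of the original documentation; the function name `Test-QoEConsumerTls`, its parameters, the sample host name, and the choice of the Personal (`My`) store under the local computer are assumptions.

```powershell
function Test-QoEConsumerTls {
    param(
        [Parameter(Mandatory)] [uri] $ConsumerUrl,   # the value configured as ConsumerURL
        [string] $ClientCertThumbprint               # only needed for mutual authentication
    )
    $result = [ordered]@{ ServerTrustedAndNameMatches = $false; ServerError = $null }

    # Server certificate: default .NET validation fails the handshake when this
    # machine does not trust the issuing root CA or when the certificate name
    # does not match the FQDN taken from the consumer URL.
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $tcp.Connect($ConsumerUrl.Host, $ConsumerUrl.Port)
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false)
        $ssl.AuthenticateAsClient($ConsumerUrl.Host)
        $result.ServerTrustedAndNameMatches = $true
        $ssl.Dispose()
    } catch {
        $result.ServerError = $_.Exception.GetBaseException().Message
    } finally {
        $tcp.Close()
    }

    if ($ClientCertThumbprint) {
        # Client certificate: must be in the local computer store
        # (the Personal store is assumed here).
        $cert = Get-Item -Path "Cert:\LocalMachine\My\$ClientCertThumbprint" -ErrorAction SilentlyContinue
        $result.ClientCertInLocalMachineStore = [bool]$cert
        if ($cert) {
            # Collect EKU OIDs and look for client authentication (1.3.6.1.5.5.7.3.2).
            $ekuOids = @()
            foreach ($ext in $cert.Extensions) {
                if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
                    $ekuOids += $ext.EnhancedKeyUsages | ForEach-Object { $_.Value }
                }
            }
            $result.ClientAuthEku = $ekuOids -contains '1.3.6.1.5.5.7.3.2'
            # Extra sanity checks, not listed in the requirements above.
            $result.HasPrivateKey  = $cert.HasPrivateKey
            $result.WithinValidity = ((Get-Date) -ge $cert.NotBefore) -and ((Get-Date) -le $cert.NotAfter)
        }
    }
    # Not covered: read permission for RTCComponentUniversalServices, the WMI
    # setting, and root CA trust on the consumer server itself.
    [pscustomobject]$result
}

# Constructed sample values; replace with your own.
# Test-QoEConsumerTls -ConsumerUrl 'https://consumer.contoso.example/report' -ClientCertThumbprint '<THUMBPRINT>'
```

A consumer that rejects handshakes without a client certificate will report a `ServerError` here even when its own certificate is valid, because the function does not present the client certificate during the connection test.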
For details about Certificate Services, see "Certificate
Services" at the Microsoft Web site: