Beruflich Dokumente
Kultur Dokumente
Introduction
We require that you generate your own private key because the one that we gave you was
generated by us and sent to you over e-mail. We want you to have total control over who gets
access to this key. To accomplish this control, you need to generate a new private key for your
application in Production that is different from the private key that it uses in the Partner Dev/Test
environment.
The key that you are about to create is your application’s private key.
Minimizing the number of servers that know your key reduces the chances of that key being
compromised. When preparing to go live, you must generate a public certificate that matches
your private key, and then send that certificate to the Microsoft HealthVault team so that it can
be registered on our server.
If you already had a PFX with this name installed on the server, you must uninstall it.
• Use the MMC script (LM_Personal_Certs.msc) provided in the Downloads section of the
HealthVault MSDN site, and then right-click the old certificate and select Delete.
Note: Old certificates are not cleanly deleted if a process currently has them open. You may need
to shut off any Web server instances that are currently running.
Makecert.exe creates a private certificate and loads it on the machine on which you are running
makecert, in LocalMachine\My (your personal store on the local machine). Makecert also creates
a corresponding public certificate that matches the installed private key, and places it in the file
specified in the command line. The public certificate is DER encoded.
If you lose the file that MakeCert generated, or if you generated your private key in a different
way, you can export a DER-encoded public certificate using the Microsoft Management
Console. The corresponding private key is wrapped in a certificate that has been installed in your
LocalMachine\My store.
For example:
3. Send the resulting CER file to Microsoft. This file contains the DER-encoded public key.
When Microsoft tells you that the CER has been registered on the server for your AppId, install
the PFX on your application server(s).
Note: If you still have the certificate that we gave you loaded on this box, it will
be hard to tell the two apart. If you have not already done so, run the delete
procedure described above.