Skip Navigation
  1. BlackBerry Docs
  2. BlackBerry AtHoc
  3. BlackBerry AtHoc Integrations
  4. Cisco IP Phone Blast NDS Installation Guide
  5. Set up the Windows server

Set up the 
Windows
 server

This section is for reference only and is not a part of Blast System configuration. The Blast System configuration program automatically performs these steps on a machine where the selected port is free of bindings.
If you have to perform these steps manually, then run the Blast System configuration program from a command prompt, as an administrator. When applicable, use makecert / netsh  to install the certificate chain on the server hosting the application. 
Configuration
Command and description
Create Root Authority Cert
 
makecert -n "CN=SynAppsAuthCA" -cy authority -a sha256 -sv "SynAppsAuthCA.pvk" -r "SynAppsAuthCA.cer"
Requires that the 
makecert.exe
 file is included with the Authenticator installation at: 
C:\Program Files (x86)Syn-Apps\Authenticator\Certificates\makecert.exe.
Set a password and use the same password in both pop-ups.
Results are in the same directory as makecert.
Store Root Cert
  1. Execute 
    MMC
     (
    Start
     > 
    Find: MMC
    ).
  2. Add the 
    Certificates snap-in
     (for Local Computer, not the default  Current User.)
  3. Navigate to 
    TrustedRoot Certification Authorities
    , right–click, and select 
    All Tasks
     > 
    Import
    .
  4. Browse to the previously created SynAppsAuthCA.cer and import it.
Create Application Cert
 
makecert -n "CN=<IP>" -ic "SynAppsAuthCA.cer" -iv "SynAppsAuthCA.pvk" -a sha256 -sky exchange -pe -sr localmachine -ss my "SynAppsAuth.cer"
Replace the <IP> with the IP settings value used in the BlastNotifier configuration file. This is the IP address of the interface we are to bind to on the local machine.
Enter the password from the first makecert step.
Store Application Cert
  1. Execute 
    MMC
     (
    Start
     >
    Find: MMC
    ).
  2. Add the 
    Certificates snap-in
     (for Local Computer, not the default 'Current User').
  3. Navigate to 
    Personal
    , right–click and select 
    All Tasks
     > 
    Import
    .
  4. Browse to the previously created SynAppsAuth.cer and import it.
Bind Cert
 
netsh http add sslcert ipport=0.0.0.0:<Port> certhash=<Thumbprint> appid={00112233-4455-6677-8899-AABBCCDDEEFF}
where 
<Port>
 is the Port as set in the BlastNotifier configuration file. This should be a free port as we are binding to all available interfaces in this case.
where 
<Thumbprint>
 is the thumbprint from the details panel of the 
SynAppsAuth.cer
 (double-click it in the MMC view). Remove all spaces.
If a binding already exists for this port it must first be removed using the following command:
netsh http delete sslcert ipport=0.0.0.0:<Port>
Verify Proper Operation
  1. Open the URL in a browser on the application server. This is the only place the certificate authority is trusted. 
    http(s) //<IP>:<Port>/<UrlPath>/Authenticate?UserId=<userName>&Password=<password>
    Example:  
    https://10.0.0.100:6443/Authenticator/Authenticate?UserId=SynApps&Password=SynApps
  2. Verify that there are no security warnings when in secure mode.
  3. Verify that the browser body shows 'AUTHORIZED'.
This test generally applies to the Authenticator module only. For other modules, test the functionality as normal.