RavenDB Certificates


Use the Ingeniux CMS Site Instance Wizard to generate server and client X.509 security certificates or provide your own for your Ingeniux CMS 10.6 instance and its Raven Database (RavenDB) 5.2 instance, or for your Ingeniux CMS 10.5 instance and its RavenDB 4.x instance.

The RavenDB service uses the server certificate to perform behind-the-scenes operations (e.g., data encryption on disk, SSL resolution).

The CMS application and DSS Preview clients connect to the RavenDB. The RavenDB client uses the client certificate to validate the identities of users. In RavenDB 4.2–5.2, all authentication is accomplished through certificates; therefore, in CMS 10.5–10.6, only users who attempt to access RavenDB from clients with authorized client certificates gain access to the database. How this RavenDB authentication certificate is applied depends on whether you intend to install RavenDB on the same server as the CMS instance or remotely. Administrators set up a certificate to access RavenDB at one of two junctures within the Site Instance Wizard for CMS 10.6 or CMS 10.5.

  • To install the RavenDB on the same server as the CMS, select the Local Install option in the wizard. In the following views, the wizard prompts you to indicate the server certificate type to use for the RavenDB server and then prompts you to configure how the client certificate for the RavenDB client is generated.
  • Alternatively, to install RavenDB on a server other than where your CMS will reside, select the External URI option. The wizard prompts you to indicate the client certificate to use for the RavenDB client.

Server and Client Certificates for Local RavenDB Servers

To configure a server certificate for a local RavenDB server:
  1. Select the Local Service option for RavenDB, and click Next.

    CMS 10.5–10.6 Local RavenDB Installation via Select RavenDB Location Screen

    The RavenDB Server Configuration screen displays, where you can select the type of certificate to use for the RavenDB server.
  2. Choose one of the following options.
    • Select the Self-Signed Certificate option to generate the certificate via the CMS instance installer process, and then complete the associated fields.

      CMS 10.5–10.6 Self-Signed Certificate via RavenDB Server Configuration Screen

      Additional Information
      A self-signed certificate is a security certificate that is not signed by a certificate authority (CA); rather, it is signed by the same entity that it certifies.

      This option creates and registers the certificate on the system during the CMS instance installer process. The certificate authenticates the RavenDB instance and CMS instance. A self-signed certificate may be particularly useful for temporary or staging server scenarios.

      After you provide the RavenDB host name and port number on the RavenDB server, the Ingeniux CMS installation creates the self-signed certificate for you.

      Field / Description
      Server Certificate Password (optional)

      Enter a server certificate password.

      Important
      If you enter a password in this field, password validation becomes required to access the server certificate.
      RavenDB Host

      Enter the appropriate RavenDB host (e.g., raven.server.com or 127.0.0.1). The CMS instance name displays as the default.

      Note
      We recommend maintaining the CMS instance name. If you have multiple RavenDB services, maintaining the name helps you to clarify which RavenDB host associates with each CMS instance.
      Raven Server Port Number

      Enter the appropriate RavenDB instance port number. A wildcard character (*) tells the system to check for and select an available port number.

      The system starts checking at 8080. If that port is unavailable, the system increments the port number by one until it finds an available port. This check is performed on this screen, and an available port is displayed.

      RavenDB Service Account drop-down list
      Version Notes: CMS 10.5.114-10.6
      Based on your CMS implementation, select one of the following drop-down list options:
      • LocalService. This option is selected by default. In general, we recommend keeping this option selected.
      • LocalSystem. If you use a Windows 2012/2012 R2 environment, then the installer requires you to select this option. Running the database service as LocalService will not provide adequate permissions to the certificate store required for RavenDB authentication. Select LocalSystem to bypass these conflicts when working with Windows 2012/2012 R2.
        Caution
        In CMS 10.5.94, the RavenDB Service Account drop-down list is unavailable. If you use a Windows 2012/2012 R2 environment with CMS 10.5.94, then Ingeniux CMS requires you to install CMS 10.5.114.
    • Select Manual Certificate to provide your own certificate, then complete the associated fields.

      CMS 10.5–10.6 Manual Certificate via RavenDB Server Configuration Screen

      Additional Information
      Rather than having the installation wizard create a self-signed certificate, you can manually provide a server certificate for your local RavenDB server. This may be particularly useful if you require the certificate to be signed by a certification authority.

      Field / Description
      Certificate File Path

      Enter the filepath to the appropriate certificate (.pfx file). Use the Browse button to navigate to the certificate in your system's File Explorer.

      Server Certificate File Password (optional)

      This field is optional. Enter the password for the indicated server certificate file.

      RavenDB Host

      Enter the appropriate RavenDB host URI (e.g., raven.server.com or 127.0.0.1). The CMS instance name displays as the default.

      Note
      We recommend maintaining the CMS instance name. If you have multiple RavenDB services, maintaining the name helps you to clarify which RavenDB host associates with each CMS instance.
      Raven Server Port Number

      Enter the appropriate RavenDB instance port number. A wildcard character (*) tells the system to check for and select an available port number.

      The system starts checking at 8080. If in use, the installation wizard increments upwards to find the next available port. The wizard will automatically perform this check on this step and display an available port.

      RavenDB Service Account drop-down list
      Version Notes: CMS 10.5.114-10.6
      Based on your CMS implementation, select one of the following drop-down list options:
      • LocalService. This option is selected by default. In general, we recommend keeping this option selected.
      • LocalSystem. If you use a Windows 2012/2012 R2 environment, then the installer requires you to select this option. Running the database service as LocalService will not provide adequate permissions to the certificate store required for RavenDB authentication. Select LocalSystem to bypass these conflicts when working with Windows 2012/2012 R2.
        Caution
        In CMS 10.5.94, the RavenDB Service Account drop-down list is unavailable. If you use a Windows 2012/2012 R2 environment with CMS 10.5.94, then Ingeniux CMS requires you to install CMS 10.5.114.
  3. Click Next.
    The RavenDB Client Configuration screen displays. Use this view to configure the client certificate settings.
  4. Choose one of the following options.
    • Select the Default option to use a client certificate generated by the RavenDB server.

      The certificate file will be placed on disk and the CMS will reference this file for client authentication.

      If you choose a client certificate password, password validation becomes required to access the client certificate.

      CMS 10.5–10.6 Default RavenDB Client Configuration

    • Select the Thumbprint option to use a client certificate already installed on your machine.

      The machine references the certificate from the Local Machine Store via thumbprint ID. Each certificate contains a thumbprint ID. The client certificate will not exist on disk if this option is used.

      CMS 10.5–10.6 Thumbprint RavenDB Client Configuration

  5. Click Next.
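
A pre-flight check to run before entering a thumbprint or .pfx path in the wizard, given here as an added example that is not part of the Ingeniux documentation. The function name Test-RavenClientCertificate is hypothetical, and the client-authentication EKU check reflects general TLS client-certificate practice, assumed rather than confirmed for your RavenDB deployment.

```powershell
# Added example; Test-RavenClientCertificate is a hypothetical helper name.
function Test-RavenClientCertificate {
    [CmdletBinding(DefaultParameterSetName = 'Store')]
    param(
        [Parameter(Mandatory = $true, ParameterSetName = 'Store')][string]$Thumbprint,
        [Parameter(Mandatory = $true, ParameterSetName = 'File')][string]$PfxPath,
        [Parameter(ParameterSetName = 'File')][securestring]$PfxPassword
    )
    $typeName = 'System.Security.Cryptography.X509Certificates.X509Certificate2'
    if ($PSCmdlet.ParameterSetName -eq 'Store') {
        # Thumbprints copied from the certificate dialog often carry spaces or
        # invisible characters; keep only the hex digits.
        $clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
        $cert = Get-Item -Path "Cert:\LocalMachine\My\$clean" -ErrorAction Stop
    } else {
        $path = (Resolve-Path -Path $PfxPath -ErrorAction Stop).ProviderPath
        if ($PfxPassword) {
            $cert = New-Object $typeName -ArgumentList $path, $PfxPassword
        } else {
            $cert = New-Object $typeName -ArgumentList $path
        }
    }
    # Extended Key Usage: an absent extension means the certificate is not
    # restricted; if present, it should list Client Authentication
    # (OID 1.3.6.1.5.5.7.3.2). Assumption: the deployment expects that EKU.
    $eku = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    $clientAuth = (-not $eku) -or
        (@($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) -contains '1.3.6.1.5.5.7.3.2')
    $now = Get-Date
    [pscustomobject]@{
        Subject        = $cert.Subject
        Thumbprint     = $cert.Thumbprint
        HasPrivateKey  = $cert.HasPrivateKey   # required for client authentication
        WithinValidity = ($now -ge $cert.NotBefore) -and ($now -le $cert.NotAfter)
        NotAfter       = $cert.NotAfter
        ClientAuthEku  = $clientAuth
    }
}

# Placeholder values; substitute your own thumbprint or file path.
# Test-RavenClientCertificate -Thumbprint '<thumbprint entered in the wizard>'
# Test-RavenClientCertificate -PfxPath '<path to client .pfx>' `
#     -PfxPassword (Read-Host -AsSecureString 'PFX password')
```

HasPrivateKey reports that a key is associated with the certificate, not that the RavenDB service account can read it, which is the LocalService permission issue described for Windows 2012/2012 R2 above.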

Client Certificates for Remote RavenDB Servers

Choose this option if the RavenDB instance will reside on a server other than the one where the CMS instance resides. This option requires the site administrator to set up the RavenDB instance beforehand.

If RavenDB will be installed on a server other than the CMS server (External URI option), you must provide the URI to the server where RavenDB will be located and the path to the .pfx file.

To configure a security certificate for a remote RavenDB server:
  1. If you choose the External URI installation option for RavenDB, complete the associated fields.

    CMS 10.5–10.6 External URI via Select RavenDB Location Screen

    Field / Description
    RavenDB URI

    Enter the appropriate external RavenDB instance URI.

    Client Certificate File Path (.pfx)

    Enter the filepath to the appropriate client certificate (.pfx file).

    Client Certificate Password (optional)

    Enter a client certificate password.

    Important
    If you enter a password in this field, password validation becomes required to access the client certificate.
  2. Click Next.

Next Steps:

After configuring RavenDB and its security certificate for CMS 10.6 or CMS 10.5, return to the appropriate set of wizard instructions to complete the process.