Connected 25.2 Help Center

Install the Connected device client certificate

Connected applications use the Connected device client certificate to establish a secure connection to Connected Key Management Server (CMX-KMS). Use the information in this section to install the Connected device client certificate on a computer.

NOTE: Connected applications will not work correctly unless the Connected device client certificate is installed on the device.

Before you begin

To install a new certificate or replace an existing one (such as before it expires), ensure that you have created the new or replacement certificate in accordance with the documentation provided by the Connected Key Management Server Installation Guide, available from the Connected documentation site. In addition, ensure that you have followed the documentation to import it into the CMX-KMS keystore so the application can use it to verify the copy of the certificate that Connected applications present to it.

Install the certificate for Agents

The Agent reads the Connected device client certificate from disk. You can install the certificate in either the user's or system's application data folder, depending on which location best meets your needs. For example, if multiple Connected users share the computer, install the certificate in the system's folder so that it applies to all users. You can use the instructions provided in this task to install the certificate manually or you can deploy it using a custom process that distributes and installs it on one or more clients at the same time. See more.

NOTE: Installation of the certificate file is outside of the Agent installation process. As a result, the file remains after you uninstall the Agent using the typical uninstall process. To remove the certificate after uninstalling the Agent, manually delete it.

Before you begin

Ensure that the name of the Connected device client certificate is cmxDevice.p12.

The Agent installation process creates the folder in which you will store the certificate. Therefore, install the Agent (but do not sign in) before installing the certificate. The Agent needs the certificate to encrypt and decrypt data, so sign in only after installing the certificate.

To install the certificate for Agents prior to Connected

Distribute the cmxDevice.p12 certificate to the computer, and then place it into one of the following locations:
- On Windows-based computers, either:
  - system-specific location. %ALLUSERSPROFILE%\Connected MX
  - user-specific location. %LOCALAPPDATA%\Connected MX
- On macOS-based computers, either:
  - system-specific location. /Library/Application Support/Connected MX
  - user-specific location. $HOME/Library/Application Support/Connected MX

To install the certificate for Connected Agents

Distribute the cmxDevice.p12 certificate to the computer, and then place it into one of the following locations:
- On Windows-based computers, either:
  - system-specific location. %ALLUSERSPROFILE%\Connected
  - user-specific location. %LOCALAPPDATA%\Connected
- On macOS-based computers, either:
  - system-specific location. /Library/Application Support/Connected
  - user-specific location. $HOME/Library/Application Support/Connected

Update cacert.pem

Update the cacert.pem if the KMS certificate is not signed by well known root CAs.

Windows

Under user-specific location. %LOCALAPPDATA%\Connected (for Connected Agents) and %LOCALAPPDATA%\Connected MX (for prior to Connected Agents), locate the cacert.pem.
Update cacert.pem with root CA which is used to sign KMS certificate.

macOS

Under user-specific location. $HOME/Library/Application Support/Connected (for Connected Agents) and $HOME/Library/Application Support/Connected MX (for prior to Connected Agents), locate the cacert.pem.
Update cacert.pem with root CA which is used to sign KMS certificate.

Install the Connected device client certificate

Install the certificate for Agents

Install the certificate for the ExportData tool