Certificates can be generated as a self-signed certificate in IIS, an internal certificate authority (ca), or a publicly known certificate authority such as Verisign.

To create a self-signed certificate:

1. Select the server node in the tree view and double-click the Server Certificates feature in the list view.

![](../../images/screenshot-servercertificates.png)

2. Click Create Self-Signed Certificate... in the Actions pane.

![](../../images/screen-shot-servercertificatesactions.png)

3. Enter a friendly name and click OK.

![](../../images/screenshot-servercert-friendlyname.png)

Once the certificate is created, ensure the certificate is installed in the client machine store in order to access the vault server.

Configure Client Workstations

The following must be performed on the machine connecting to the Vault Server.

Install the Certificate (ca)

1. Launch the MMC -> Add Certificates Snap-in for Local Machine.
2. Import %ca_NAME%.pfx to the "Certificates - (local-computer) -> Trusted Root Certification Authority location.
3. Import %ca_NAME%.crl to the "Certificates - (local-computer) -> Trusted Root Certification Authority location.