Run the IndeedCM.Server.msi file from the Indeed Certificate Manager installation package and follow the wizard instructions to complete the installation. During the installation process, you shall be prompted to select a method of access control for all the system applications (see Figure 8).
Figure 8 – Access control selection.
The Indeed CM system consists of a number of services:
- Management console (icm web application)
- Self-service (icmservice web application)
- Remote self-service (icmremote web application)
- Smart card unlock service (credprovapi web application)
- API service (icmapi web application)
- Smart card status monitoring (no web application provided)
Each service has its own configuration files and access settings.
When Windows authentication is selected, the following access control parameters are set:
- Authentication: Windows (other methods are disabled) for icm, icmservice, icmapi applications
- Authentication: Anonymous (other methods are disabled) for credprovapi application.
- Authentication: Anonymous and using Forms for icmremote application. Other methods are disabled.
- Require SSL for all applications.
- Client certificate: Ignore for all applications.
When Authentication by user’s personal certificates is selected, the following access control parameters are set:
- Authentication: Anonymous for icm, icmservice, icmapi applications. Other methods are disabled.
- Authentication: Anonymous and using Forms for icmremote application. Other methods are disabled.
- Require SSL – for all applications.
- Client certificate: Required – for icm, icmservice, icmapi applications.
- Client certificate: Ignore – for credprovapi and icmremote applications.
Warning |
---|
If the user directory is in Active Directory, then the certificates used for authentication should contain User Principal Name. The certificates without UPN cannot be used for logging into web applications. |
After the system is installed, you can set SSL settings for each application separately, using the IIS Management Console.