Versions Compared

Old Version 10

changes.mady.by.user Mikhail Yakovlev

Saved on

compared with

New Version Current

changes.mady.by.user Daliya Agletdinova

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Run the IndeedCM.Server.msi file from the Indeed Certificate Manager installation package and follow the wizard instructions to complete the installation. During the installation process, you shall be prompted to select a method of access control for all the system applications.

Image Removed

The Indeed CM system consists of a number of Axidian CertiFlow system consists of the following services:

  • Management console – icm mc web application.
  • Self-service – icmservice ss web application.
  • Remote self-service – icmremote rss web application.
  • Smart card unlock service – credprovapi web application.
  • API service – icmapi api web application.
  • Smart card status monitoring – Card Monitor service, no web application provided.
  • Client Agent services:
    • Agent Registration Service – agentregistrationapi web application.
    • Service for remote task execution – agentserviceapi web application.
Info

Each service has its own configuration files and access settings.

Run the AxidianCertiFlow.Server-<version number>.x64.en-us.msi file from the Axidian CertiFlow installation package and follow the wizard instructions to complete the installation. Select an access control method for all system applications.

Image Added

Scroll Pagebreak

When Windows authentication is selectedIf you select Windows Authentication, the following access control parameters are settings will be set: 

  • Authentication:
    • Windows Authentication (other for mc, ss and api applications. Other methods are disabled) for icm, icmservice, icmapi applications
    • Anonymous Authentication (other methods are disabled) for credprovapi for credprovapi, agentregistrationapi , and agentserviceapi applications. Other methods are disabled. 
    • Anonymous Authentication and Forms Authentication for icmremote rss application.
  • SSL Settings:
    • Require SSL for all applications.
    • Client certificates:
      • Ignore for icm for mc, icmapiss, icmremoterss, icmservice, credprovapi,  agentregistrationapi api and agentregistrationapi applications. 
      • Require for agentserviceapi application.

When If you select Authentication by user’s personal certificates is selected, the following access control parameters are settings will be set: 

  • Authentication:
    • Anonymous Authentication (other methods are disabled) for icm, icmapi, icmservice, credprovapi, agentregistrationapi, agentserviceapi applications.Anonymous Authentication and Forms Authentication (other for all applications. Other methods are disabled) for icmremote application. 
  • SSL Settings:
    • Require SSL – for all applications.
    • Client certificates:
      • Ignorefor credprovapifor rss, icmremotecredprovapi, agentregistrationapi applicationsagentregistrationapi applications.
      • Requiredfor icmfor mc, icmapiss, icmserviceapi, agentserviceapi applications.
Warning

If the user directory is users catalog resides in Active Directory, then the certificates used for authentication should contain User Principal Name (UPN). The certificates Certificates without UPN cannot be used for logging into to log in to web applications.

After the system Axidian CertiFlow is installed, you can set SSL settings for each application separately , using the IIS Management Consolein IIS Manager.