Axidian CertiFlow can work with Microsoft CAs that are located outside of the domain hosting the CertiFlow server. This could be a scenario where a company has several independent domains with separate CAs in each domain, with Axidian CertiFlow deployed only in one of those domains.

When issuing a smart card, Axidian CertiFlow addresses the MSCA Proxy, and the Proxy sends a request to the target CA using the Enrollment Agent certificate.

Follow these steps to install and configure the MSCA Proxy application:

  1. Create a service account for Microsoft CA in an external domain.
  2. Configure the Enrollment Agent certificate template for the service account and issue the certificate.

    Warning

    The Enrollment Agent certificate must reside in the certificate store (local computer) of the workstation where the CertiFlow.MSCA.Proxy component is installed.

  3. Install the CertiFlow.MSCA.Proxy.msi component on a workstation running in the same domain as the external CA.

    Note

    System requirements for Proxy installation are the same as ...


  4. Go to the C:\inetpub\wwwroot\mscaproxy folder and open the Web.config file in Notepad as administrator.

  5. Specify the following settings in the caProxySettings section:
    • CA name in the ca parameter.
    • Credentials of the account with the Enrollment Agent certificate (userName and password).
    • Thumbprint of the Enrollment Agent certificate in the enrollmentAgentCertificateThumbprint parameter.

      Example

      <caProxySettings ca="servercm.external.com\EXTERNAL-CA" userName="EXTERNAL\extserviceca" password="p@ssw0rd"
      enrollmentAgentCertificateThumbprint="dbd1859d27395860843643ebe17e2ee3fc463aba"/>


  6. Specify the service account for the CA in the allow users parameter of the authorization section.

    Example

    <authorization>
    	<deny users="?" />
    	<allow users="EXTERNAL\extserviceca" />
    	<deny users="*" />
    </authorization>


  7. Save your settings.
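
The following PowerShell check is an added example, not part of the vendor documentation: run on the proxy host after saving Web.config, it verifies that the configured thumbprint is well formed and points to a valid Enrollment Agent certificate in the local computer store, and that the authorization rules are in the order shown above. It assumes the file contains a single caProxySettings element and a single authorization section, and that the allowed account is the same as userName, as in the examples on this page.

```powershell
# Added example, not vendor code. Run in an elevated PowerShell session on the proxy host.
$configPath = 'C:\inetpub\wwwroot\mscaproxy\Web.config'   # path from step 4
$agentEku   = '1.3.6.1.4.1.311.20.2.1'                    # Certificate Request Agent EKU

[xml]$cfg = Get-Content -LiteralPath $configPath -Raw
$proxy = $cfg.SelectSingleNode('//caProxySettings')
if (-not $proxy) { throw "caProxySettings section not found in $configPath" }
$problems = @()

# The thumbprint must be exactly 40 hex characters; values pasted from the
# certificate dialog often carry spaces or an invisible leading character.
$thumb = $proxy.GetAttribute('enrollmentAgentCertificateThumbprint')
if ($thumb -notmatch '^[0-9a-f]{40}$') {
    $problems += 'Thumbprint is not 40 hex characters.'
} else {
    # The certificate must be in the local computer store of this host.
    $cert = Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $thumb }
    if (-not $cert) {
        $problems += 'No certificate with this thumbprint in Cert:\LocalMachine\My.'
    } else {
        $now = Get-Date
        if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
            $problems += 'Certificate is outside its validity period.'
        }
        if (-not $cert.HasPrivateKey) { $problems += 'Certificate has no associated private key.' }
        $ekus = $cert.Extensions |
            Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
            ForEach-Object { $_.EnhancedKeyUsages } | ForEach-Object { $_.Value }
        if ($ekus -notcontains $agentEku) { $problems += 'Certificate lacks the Certificate Request Agent EKU.' }
    }
}

# ASP.NET applies authorization rules top-down and the first match wins, so the
# order has to be: deny anonymous, allow the service account, deny everyone else.
$account  = $proxy.GetAttribute('userName')
$rules    = @($cfg.SelectNodes('//authorization/*') |
    ForEach-Object { $_.LocalName + ':' + $_.GetAttribute('users') })
$expected = @('deny:?', "allow:$account", 'deny:*')
if (($rules -join '|') -ne ($expected -join '|')) {
    $problems += "Authorization rules are [$($rules -join ', ')], expected [$($expected -join ', ')]."
}

if ($problems) { $problems | ForEach-Object { Write-Warning $_ } }
else { 'MSCA Proxy Web.config checks passed.' }
```

The script never prints the password attribute, so its output can be attached to a change ticket.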