Versions Compared

Old Version 5

changes.mady.by.user Mikhail Yakovlev

Saved on

compared with

New Version Current

changes.mady.by.user Daliya Agletdinova

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Run the IndeedCM.Server.msi file from the Indeed Certificate Manager installation package and follow the wizard instructions to complete the installation. During the installation process, you shall be prompted to select a method of access control for all the system applications (see Figure 8).

Image RemovedFigure 8 – Access control selection.

The Indeed CM system consists of a number of

Axidian CertiFlow system consists of the following services:

  • Management console (icm mc web application).
  • Self-service (icmservice – ss web application).
  • Remote self-service (icmremote – rss web application).
  • Smart card unlock service (service – credprovapi web application).
  • API service (icmapi api web application).
  • Smart card status monitoring (Card Monitor service, no web application provided).
  • Agent services:
    • Agent Registration Service – agentregistrationapi web application.
    • Service for remote task execution – agentserviceapi web application.
Info

Each service has its own configuration files and access settings.

Run the AxidianCertiFlow.Server-<version number>.x64.en-us.msi file from the Axidian CertiFlow installation package and follow the wizard instructions to complete the installation. Select an access control method for all system applications.

Image Added

Scroll Pagebreak

If you select Windows Authentication
When Windows authentication is selected, the following access control parameters are settings will be set: 

  • Authentication: Windows (other
    • Windows Authentication for mc, ss and api applications. Other methods are disabled
    ) for icm, icmservice, icmapi applications
    • Anonymous Authentication for credprovapi, agentregistrationapi and agentserviceapi applications. Other
    Authentication: Anonymous (other
    • methods are disabled
    ) for credprovapi application
    • . 
    • Anonymous Authentication
    : Anonymous and using
    •  and Forms Authentication for
    icmremote
    • rss application.
    Other methods are disabled.
  • SSL Settings:
    • Require SSL for all applications.
    • Client
    certificate
    • certificates:
      • Ignore for
    all
      • mc, ss, rss, credprovapi, api and agentregistrationapi applications.
      •  
      • Require for agentserviceapi application.

If you selectWhen Authentication by user’s personal certificates is selected, the following access control parameters are settings will be set: 

  • Authentication:
    • Anonymous Authentication for
    icm, icmservice, icmapi
    • all applications. Other methods are disabled. 
    Authentication: Anonymous and using Forms for icmremote application. Other methods are disabled.
  • SSL Settings:
    • Require SSL – for all applications.
    • Client
    certificate
    • certificates:
    Required
      • Ignore – for
    icm
      • rss,
    icmservice
      • credprovapi,
    icmapi
      • agentregistrationapi applications.
    Client certificate: Ignore – for credprovapi and icmremote
      • Required – for mc, ss, api, agentserviceapi applications.
Warning

If the user directory is users catalog resides in Active Directory, then the certificates used for authentication should contain User Principal Name (UPN). The certificates Certificates without UPN cannot be used for logging into to log in to web applications.

After the system Axidian CertiFlow is installed, you can set SSL settings for each application separately , using the IIS Management Consolein IIS Manager.