Versions Compared
Key
- This line was added.
- This line was removed.
- Formatting was changed.
Run the IndeedCM.Server.msi file from the Indeed Certificate Manager installation package and follow the wizard instructions to complete the installation. During the installation process, you shall be prompted to select a method of access control for all the system applications (see Figure 12).
Image ModifiedFigure 12 – Access control selection.
The Indeed CM system consists of a number of services:
- Management console (– icm web application).
- Self-service (– icmservice web application).
- Remote self-service (– icmremote web application).
- Smart card unlock service (service – credprovapi web application).
- API service (– icmapi web application).
- Smart card status monitoring (– Card Monitor service no web application provided).
- Client Agent services:
- Agent Registration Service – agentregistrationapi web application.
- Service for remote task execution – agentserviceapi web application.
Info |
---|
Each service has its own configuration files and access settings. |
Scroll Pagebreak |
---|
When Windows authentication is selected, the following access control parameters are set:
- Authentication:
- Windows Authentication (other methods are disabled) for icm, icmservice, icmapi applications
- Anonymous Authentication
- (other methods are disabled)
- for credprovapi, agentregistrationapi, agentserviceapi applications.
- Anonymous Authentication
- and Forms Authentication for icmremote application.
- SSL Settings:
- Require SSL for all applications.
- Client
- certificates:
- Ignore for icm, icmapi, icmremote, icmservice, credprovapi, agentregistrationapi applications.
- Require for agentserviceapi application.
When Authentication by user’s personal certificates is selected, the following access control parameters are set:
- Authentication: Anonymous for icm
- Anonymous Authentication (other methods are disabled) for icm, icmapi, icmservice,
- credprovapi, agentregistrationapi, agentserviceapi applications.
- Anonymous Authentication and Forms Authentication (other methods are disabled
- ) for icmremote application.
- SSL Settings:
- Require SSL – for all applications.
- Client
- certificates:
- Ignore –
- for credprovapi,
- icmremote,
- agentregistrationapi applications.
- Required – for icm, icmapi, icmservice, agentserviceapi applications.
Warning |
---|
If the user directory is in Active Directory, then the certificates used for authentication should contain User Principal Name. The certificates without UPN cannot be used for logging into web applications. |
After the system is installed, you can set SSL settings for each application separately, using the IIS Management Console.