Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Run the IndeedCM.Server.msi file from the Indeed Certificate Manager installation package and follow the wizard instructions to complete the installation. During the installation process, you shall be prompted to select a method of access control for all the system applications.

The Indeed CM system consists of a number of services:

  • Management console – icm web application.
  • Self-service – icmservice web application.
  • Remote self-service – icmremote web application.
  • Smart card unlock service – credprovapi web application.
  • API service – icmapi web application.
  • Smart card status monitoring (Card Monitor service no web application provided).
  • Client Agent services:
    • Agent Registration Service – agentregistrationapi web application.
    • Service for remote task execution – agentserviceapi web application.
Info

Each service has its own configuration files and access settings.

Scroll Pagebreak

When Windows authentication is selected, the following access control parameters are set:

  • Authentication:
    • Windows Authentication (other methods are disabled) for icm, icmservice, icmapi applications
    • Anonymous Authentication
    : Anonymous
    •  (other methods are disabled)
    for credprovapi application
    • for credprovapi, agentregistrationapi, agentserviceapi applications.
    • Anonymous Authentication
    : Anonymous and using
    •  and Forms Authentication for icmremote application.
    Other methods are disabled.
  • SSL Settings:
    • Require SSL for all applications.
    • Client
    certificate
    • certificates:
    Ignore for all applications
      • Ignore for icm, icmapi, icmremote, icmservice, credprovapi, agentregistrationapi applications.
      • Require for agentserviceapi application.

When Authentication by user’s personal certificates is selected, the following access control parameters are set:

  • Authentication: Anonymous for icm, icmservice, icmapi applications. Other methods are disabled.Authentication: Anonymous and using Forms for icmremote application. Other methods are disabled.
    • Anonymous Authentication (other methods are disabled) for icm, icmapi, icmservice, credprovapi, agentregistrationapi, agentserviceapi applications.
    • Anonymous Authentication and Forms Authentication (other methods are disabled) for icmremote application.
  • SSL Settings:
    • Require SSL – for all applications.
    • Client
    certificate
    • certificates:
    Required
      • Ignore
    for icm
      • for credprovapi,
    icmservice
      • icmremote,
    icmapi applications
      • agentregistrationapi applications.
    Client certificate: Ignore – for credprovapi and icmremote
      • Required – for icm, icmapi, icmservice, agentserviceapi applications.
Warning

If the user directory is in Active Directory, then the certificates used for authentication should contain User Principal Name. The certificates without UPN cannot be used for logging into web applications.

After the system is installed, you can set SSL settings for each application separately, using the IIS Management Console.