A mutual trust relationship between the following components is required for secure communications:
The first step in creating this relationship is requesting a client authenticate certificate. This certificate is installed on all SharePoint web front-end (WFE) servers. The client authentication certificate allows the ClaimsWS service to verify the identities of the WFE servers.
Several third-party tools are available for creating certificates. This procedure provides one possible example using Active Directory Certificate services and IIS 7.
If your organization uses different tools or procedures to create client certificates, use those tools or procedures instead.
If you already have a client authentication certificate, skip this procedure.
Follow these steps:
https://fully_qualified_domain_name_of_server_running_active_directory_certificate_services/certsrv
An example of such a URL is http://certificateauthority.example.com/certsrv.
The Request a certificate screen appears.
An Advanced Certificate Request form appears.
Name: SiteMinderClaimsProvider
E-Mail: admin@support.example.com
Company: Example
Department: Support
City: your_city
State: your_state
Country/Region: your_country
Type of Certificate Needed: Client Authentication Certificate
Mark keys as exportable: ENABLED
Friendly Name: SiteMinderClaimsProvider
Note: In the Type of Certificate Needed drop-down list, verify that Client Authentication Certificate appears.
A confirmation dialog appears.
The request is submitted.
The next step in configuring a mutual trust relationship between the claims search service and the claims provider is generating the client authentication certificate.
The next step in protecting the ClaimsWS service is having a certificate authority process your request.
After the certificate authority receives your certificate signing request, it processes the request and returns the signed certificate.
Some organizations use third-party certificate authorities to sign their certificate requests. Other organizations have an internal group that operates a certificate authority.
The following procedure demonstrates the process for approving a certificate with Microsoft Active Directory Certificate services:
Follow these steps:
Certificate administrators approve or reject certificate requests. Certificate administrator privileges are separate from Administrator privileges in the Windows operating environment, so not every user with an account on the computer hosting Active Directory Certificate Services has sufficient privileges to approve or reject certificates.
Use this procedure if you have certificate administrator privileges. Otherwise, ask the certificate administrator in your organization to issue the certificate for you.
Follow these steps:
The certsrv snap-in appears.
A list of pending certificate requests appears.
The certificate is issued.
Continue with the next step of downloading and importing the certificate.
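The same request-and-issue flow from the command line, as an added example that is not part of this guide: it builds the certificate request the web enrollment form above collects (client authentication EKU, exportable key, the SiteMinderClaimsProvider friendly name), submits it to the CA, and shows the certificate administrator's issuing step. The CA configuration string, the file paths and the assumption that the CA holds requests as pending are placeholders for your environment.

```powershell
# Request a client authentication certificate from AD CS with certreq,
# then issue the pending request as certificate administrator and import it.
# Placeholders: replace CAHOST\Example-CA with your CA's "hostname\CA name".
$CaConfig = 'CAHOST\Example-CA'
$Work     = 'C:\claimsws-cert'
New-Item -ItemType Directory -Path $Work -Force | Out-Null

# Equivalent of the Advanced Certificate Request form. The EKU OID
# 1.3.6.1.5.5.7.3.2 is Client Authentication; Exportable = TRUE matches
# "Mark keys as exportable: ENABLED" so the key can be moved to each WFE.
@"
[NewRequest]
Subject = "CN=SiteMinderClaimsProvider, OU=Support, O=Example, L=your_city, S=your_state, C=your_country"
FriendlyName = "SiteMinderClaimsProvider"
KeyLength = 2048
KeySpec = 1
KeyUsage = 0xa0
Exportable = TRUE
MachineKeySet = TRUE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
RequestType = PKCS10
[EnhancedKeyUsageExtension]
OID = 1.3.6.1.5.5.7.3.2
"@ | Set-Content -Path "$Work\claimsws.inf" -Encoding ASCII

# Step 1 (on a WFE): create the CSR and submit it. With a CA that holds
# requests for approval, certreq reports "pending" and prints the RequestId.
certreq -new "$Work\claimsws.inf" "$Work\claimsws.req"
$submitOutput = certreq -submit -config $CaConfig "$Work\claimsws.req" "$Work\claimsws.cer"
$requestId = ($submitOutput | Select-String 'RequestId:\s*"?(\d+)').Matches[0].Groups[1].Value
Write-Host "Request submitted, RequestId $requestId"

# Step 2 (on the CA, run by a certificate administrator, not merely a
# Windows administrator): issue the pending request. This is the CLI
# equivalent of "Pending Requests -> Issue" in the certsrv snap-in.
certutil -config $CaConfig -resubmit $requestId

# Step 3 (back on the WFE): retrieve the issued certificate and bind it to
# the private key generated in step 1, which completes the request.
certreq -retrieve -config $CaConfig $requestId "$Work\claimsws.cer"
certreq -accept "$Work\claimsws.cer"

# Confirm the result: a machine certificate carrying the Client Authentication EKU.
Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.FriendlyName -eq 'SiteMinderClaimsProvider' } |
    Select-Object Subject, NotAfter, HasPrivateKey, @{n='EKU';e={$_.EnhancedKeyUsageList.FriendlyName}}
```

Step 2 fails with an access-denied error when run by someone without the Issue and Manage Certificates permission on the CA, which is the privilege distinction the note above describes.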
Copyright © 2013 CA.
All rights reserved.