

Grant Application Pool Identities for SharePoint Web Applications Permissions to the Client Certificate

The next step in establishing the mutual trust relationship is granting permissions to the application pool identities associated with your SharePoint web applications.

All application pool identities that are associated with protected SharePoint web applications need read-only permission on the private key of the client authentication certificate. Read is enough for the IIS worker process to use the key; do not grant Modify or Full Control. Perform this procedure on the SharePoint central administration server and on every WFE server in your farm, because each server holds its own copy of the certificate and private key.

Follow these steps:

  1. Click Start, Run.

    The Run dialog appears.

  2. In the Open field, type mmc and then click OK.

    The Microsoft Management Console (MMC) appears.

  3. Expand the console root folder, and then click Certificates (Local Computer). If that node is not present, click File, Add/Remove Snap-in, add the Certificates snap-in for the Computer account, and then return to the console root.
  4. Expand Personal, Certificates and locate your client certificate. Right-click the certificate, and then select All Tasks, Manage Private Keys.

    If Manage Private Keys is not offered, the certificate on this server has no private key; reinstall it with its private key before continuing.

    The permissions dialog appears.

  5. In IIS Manager, open the Application Pools section and note the Identity of each pool that serves a protected SharePoint web application. In the permissions dialog, click Add, enter that account (for a built-in application pool identity, IIS AppPool\<pool name>; for a SharePoint managed account, DOMAIN\account), and then select Allow for Read only. Leave Full Control cleared.
  6. Repeat Step 5 for all other application pool identities.
  7. Repeat Steps 1 through 6 on the SharePoint central administration server and all the WFE servers in your SharePoint farm. For example, if you have one SharePoint central administration server and five WFE servers, perform this procedure six times.

    The permissions are granted. Continue with the next step of registering the claims search service endpoint on all WFE servers.
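The following PowerShell script is an added example and is not part of the CA documentation. It performs steps 1 through 6 unattended so that the same change can be applied consistently on the central administration server and each WFE server: it finds the certificate by thumbprint in the local computer's Personal store, resolves the on-disk private key file that the Manage Private Keys dialog edits, maps each named IIS application pool to the Windows account it runs as, adds a Read-only ACE for each account, and returns the resulting entries for verification. The thumbprint and pool names in the usage line are hypothetical placeholders; the script assumes a machine-scoped RSA key (CNG or legacy CSP) and must be run from an elevated PowerShell session.

```powershell
# Added example (not CA's own code): grant Read, and only Read, on the client
# authentication certificate's private key to the identities of the named IIS
# application pools. Run elevated on every central admin and WFE server.
function Grant-ClientCertKeyRead {
    param(
        [Parameter(Mandatory = $true)] [string]   $Thumbprint,   # hypothetical input
        [Parameter(Mandatory = $true)] [string[]] $PoolNames     # hypothetical input
    )
    Import-Module WebAdministration

    # Locate the client certificate in the machine's Personal store (Cert:\LocalMachine\My).
    $thumb = ($Thumbprint -replace '\s', '').ToUpper()
    $cert  = Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $thumb }
    if (-not $cert)               { throw "Certificate $thumb not found in LocalMachine\My" }
    if (-not $cert.HasPrivateKey) { throw "Certificate $thumb has no private key on this server" }

    # Resolve the key container file on disk. The Manage Private Keys dialog edits the
    # ACL of this file; CNG (KSP) and legacy CSP keys are stored in different folders.
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
    if ($rsa -is [System.Security.Cryptography.RSACng]) {
        $keyPath = Join-Path $env:ProgramData "Microsoft\Crypto\Keys\$($rsa.Key.UniqueName)"
    } elseif ($rsa -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
        $keyPath = Join-Path $env:ProgramData "Microsoft\Crypto\RSA\MachineKeys\$($rsa.CspKeyContainerInfo.UniqueKeyContainerName)"
    } else {
        throw "Unsupported private key type: $($rsa.GetType().FullName)"
    }
    if (-not (Test-Path -Path $keyPath)) { throw "Private key file not found: $keyPath" }

    # Map each application pool to the account it runs as, which is what IIS Manager
    # shows in the Identity column and what the permissions dialog expects.
    $identities = foreach ($name in $PoolNames) {
        $pool = Get-Item -Path "IIS:\AppPools\$name" -ErrorAction Stop
        switch ($pool.processModel.identityType) {
            'ApplicationPoolIdentity' { "IIS AppPool\$name" }
            'SpecificUser'            { $pool.processModel.userName }
            'NetworkService'          { 'NT AUTHORITY\NETWORK SERVICE' }
            'LocalService'            { 'NT AUTHORITY\LOCAL SERVICE' }
            'LocalSystem'             { 'NT AUTHORITY\SYSTEM' }
        }
    }

    # Add one Allow/Read ACE per distinct identity. Read is sufficient for the worker
    # process to use the key; never widen this to Modify or FullControl.
    $acl = Get-Acl -Path $keyPath
    foreach ($id in ($identities | Sort-Object -Unique)) {
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($id, 'Read', 'Allow')
        $acl.AddAccessRule($rule)
    }
    Set-Acl -Path $keyPath -AclObject $acl

    # Return the Allow entries on the key file so the operator can confirm that each
    # pool identity has Read and that nothing received more than Read.
    (Get-Acl -Path $keyPath).Access |
        Where-Object { $_.AccessControlType -eq 'Allow' } |
        Select-Object IdentityReference, FileSystemRights
}

# Usage (hypothetical thumbprint and pool names; repeat on every WFE and the central admin server):
Grant-ClientCertKeyRead -Thumbprint 'AABBCCDDEEFF00112233445566778899AABBCCDD' `
                        -PoolNames 'SharePoint - 80', 'SharePoint - 443'
```

The pool names passed to -PoolNames should be only the pools that serve protected SharePoint web applications, as step 5 describes; the function deliberately does not enumerate every pool on the server so that unrelated worker processes are not granted access to the key. Review the returned entries on each server: every listed SharePoint pool identity should show Read, and any entry showing Modify or FullControl for a pool identity should be removed through the Manage Private Keys dialog.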