Grant Application Pool Identities for SharePoint Web Applications Permissions to the Client Certificate
The next step in establishing the mutual trust relationship is granting permissions to the application pool identities associated with your SharePoint web applications.
All application pool identities that are associated with protected SharePoint web applications need read-only permissions to the client authentication certificate. Perform this procedure on all the following servers in your environment:
- Your SharePoint central administration server.
- All web front end (WFE) servers in your SharePoint farm.
Follow these steps:
1. Click Start, Run.
   The Run dialog appears.
2. In the Open field, type mmc and then click OK.
   The Microsoft Management Console appears.
3. Expand the console root folder, and then click Certificates — Local Computer.
4. Locate your client certificate. Right-click your client certificate, and then select All Tasks, Manage Private Keys.
   The permissions dialog appears.
5. Locate the application pool identity in IIS Manager, Application Pool Section, and then grant that identity read access to the client certificate.
6. Repeat Step 5 for all other application pool identities.
7. Repeat Steps 1 through 6 on the SharePoint central administration server and all the WFE servers in your SharePoint farm. For example, if you have one SharePoint central administration server and five WFE servers, perform this procedure six times.
The permissions are granted. Continue with the next step of registering the claims search service endpoint on all WFE servers.
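The same grant can be scripted for each server. The following PowerShell is an added example, not part of the original CA documentation: the thumbprint and application pool names are placeholders that you supply. It assumes an RSA client certificate in the Local Computer Personal store, .NET Framework 4.6 or later, and an elevated session.

```powershell
# Added example (not CA's code): grant Read on the client certificate's private key.
# Run elevated on each server. The placeholder values are assumptions to replace.
param(
    [string]$Thumbprint     = '<CLIENT-CERT-THUMBPRINT>',
    [string[]]$AppPoolNames = @('<APP-POOL-NAME>')
)
Import-Module WebAdministration

$cert = Get-Item "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction Stop
if (-not $cert.HasPrivateKey) { throw "No private key for $Thumbprint on this server." }

# Find the key file; CNG and legacy CSP keys are stored in different folders.
$rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
if (-not $rsa) { throw "Certificate $Thumbprint does not have an RSA private key." }
if ($rsa -is [System.Security.Cryptography.RSACng]) {
    $keyName = $rsa.Key.UniqueName
} else {
    $keyName = $rsa.CspKeyContainerInfo.UniqueKeyContainerName
}
$keyDirs = "$env:ProgramData\Microsoft\Crypto\RSA\MachineKeys", "$env:ProgramData\Microsoft\Crypto\Keys"
$keyFile = Get-ChildItem -Path $keyDirs -Filter $keyName -Force -ErrorAction SilentlyContinue |
    Select-Object -First 1
if (-not $keyFile) { throw "Key file '$keyName' not found; the key may be held by a hardware provider." }

# Resolve each pool to the account it runs as (Step 5 of the manual procedure).
$identities = foreach ($name in $AppPoolNames) {
    $pm = (Get-Item "IIS:\AppPools\$name" -ErrorAction Stop).processModel
    switch ($pm.identityType) {
        'SpecificUser'            { $pm.userName }
        'ApplicationPoolIdentity' { "IIS AppPool\$name" }
        'NetworkService'          { 'NT AUTHORITY\NETWORK SERVICE' }
        default { throw "Pool '$name' runs as $($pm.identityType); review before granting key access." }
    }
}

# Add an Allow/Read entry per identity; existing entries are left unchanged.
$acl = Get-Acl -Path $keyFile.FullName
foreach ($id in $identities) {
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($id, 'Read', 'Allow')
    $acl.AddAccessRule($rule)
}
Set-Acl -Path $keyFile.FullName -AclObject $acl

# Print the resulting ACL so grants wider than Read stand out during review.
(Get-Acl -Path $keyFile.FullName).Access |
    Select-Object IdentityReference, FileSystemRights, AccessControlType
```

In the printed ACL, an application pool identity that shows FullControl or Modify instead of Read holds more access to the key than this procedure calls for.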
Copyright © 2013 CA.
All rights reserved.