CA SiteMinder requires a certificate to sign the WS-Token. CA SiteMinder signs the WS-Token and sends it to SharePoint. To create a certificate for the WS-Token, import an existing certificate that contains both a private and a public key. After the certificate has been imported to the key store and assigned an alias, export the certificate to your SharePoint Central Administration server to create a trust certificate.
This certificate often uses the Public-Key Cryptography Standards #12 (PKCS#12) format. In the following example, the password protects the PKCS#12 file.
Note: On Windows operating environments, a .pfx file is equivalent to a .p12 file.
Follow these steps:
The trusted certificates and private keys screen appears.
The Import Certificate/Private key wizard starts.
The Policy Server signing certificate is added to the central key store on the Policy Servers. The Policy Server signing certificate appears in the list that is shown on the Administrative UI.
The Export Key Store Entry screen appears.
X509-DER
The trust certificate for your SharePoint central administration server is created.
Note: The PowerShell script (which the SharePoint connection wizard creates) requires the paths to the following certificates on your SharePoint central administration server:
The system hosting the CA SiteMinder Agent for SharePoint needs a copy of the Policy Server signing certificate. This copy helps the CA SiteMinder Agent for SharePoint validate the WS-Fed tokens that the Policy Server sends. The certificate chain validates the Policy Server signing certificate.
Provide the following files to the administrator of the system that hosts the CA SiteMinder Agent for SharePoint:
The SharePoint central administration server needs a copy of the Policy Server signing certificate. This copy helps the central administration server validate the WS-Fed tokens that the CA SiteMinder Agent for SharePoint forwards from the Policy Server. The certificate chain validates the Policy Server signing certificate.
The SharePoint administrator must edit the PowerShell script that the SharePoint connection wizard generates to include references to these certificate files.
Provide the following files to the SharePoint administrator:
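Before the certificate paths go into the wizard-generated script, the exported files can be checked on the SharePoint central administration server. The following is an added example, not part of the CA documentation or of the generated script: it confirms that the export is an X509-DER certificate without a private key and that it chains to the supplied CA certificates. The file paths and the function name `Test-SigningCertExport` are assumptions, and revocation checking is turned off so the check runs offline.

```powershell
# Added example. Paths are placeholders (assumptions), not product defaults.
$SigningCertPath = 'C:\certs\ps-signing.cer'        # the X509-DER export
$ChainCertPaths  = @('C:\certs\issuing-ca.cer', 'C:\certs\root-ca.cer')

function Test-SigningCertExport {
    param([string]$CertPath, [string[]]$ChainPaths)
    $ns = 'System.Security.Cryptography.X509Certificates'

    $bytes = [System.IO.File]::ReadAllBytes($CertPath)
    # DER starts with the ASN.1 SEQUENCE tag 0x30; a PEM file starts with '-'.
    if ($bytes.Length -eq 0 -or $bytes[0] -ne 0x30) { throw "$CertPath is not DER-encoded." }

    # A PKCS#12 (.p12/.pfx) file also starts with 0x30 and would carry the
    # private key, so require the content type to be a plain certificate.
    $type = [System.Security.Cryptography.X509Certificates.X509Certificate2]::GetCertContentType($bytes)
    if ("$type" -ne 'Cert') { throw "$CertPath is '$type', expected a certificate only." }

    $cert  = New-Object "$ns.X509Certificate2" -ArgumentList (,$bytes)
    $chain = New-Object "$ns.X509Chain"
    # Assumptions: no revocation lookup (offline check), and the root may not be
    # in the Windows trusted root store yet, so the anchor is pinned below instead.
    $chain.ChainPolicy.RevocationMode    = 'NoCheck'
    $chain.ChainPolicy.VerificationFlags = 'AllowUnknownCertificateAuthority'
    $supplied = @()
    foreach ($path in $ChainPaths) {
        $ca = New-Object "$ns.X509Certificate2" -ArgumentList $path
        [void]$chain.ChainPolicy.ExtraStore.Add($ca)
        $supplied += $ca.Thumbprint
    }

    $built = $chain.Build($cert)
    $root  = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
    New-Object PSObject -Property @{
        Subject     = $cert.Subject
        Thumbprint  = $cert.Thumbprint
        NotAfter    = $cert.NotAfter
        ChainBuilt  = $built
        # The chain must end in a self-signed certificate that was supplied above.
        AnchoredToSuppliedRoot = ($root.Subject -eq $root.Issuer) -and ($supplied -contains $root.Thumbprint)
        ChainStatus = @($chain.ChainStatus | ForEach-Object { $_.Status })
    }
}

$result = Test-SigningCertExport -CertPath $SigningCertPath -ChainPaths $ChainCertPaths
$result | Format-List
if (-not ($result.ChainBuilt -and $result.AnchoredToSuppliedRoot)) {
    Write-Error 'Signing certificate does not chain to the supplied CA certificates.'
}
```

Compare the reported thumbprint with the one shown for the signing certificate on the Policy Server side to confirm that the file was not swapped or altered in transit.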
Copyright © 2013 CA.
All rights reserved.