

Grant Application Pool Identities for SharePoint Web Applications Permissions to the Client Certificate

All application pool identities that are associated with protected SharePoint web applications need read-only permissions to the client authentication certificate's private key. Perform this procedure on the SharePoint central administration server and on every WFE server in your environment.

Follow these steps:

  1. To obtain the application pool identities, do the following steps:
    1. In IIS Manager, go to the Application Pools section and click SharePoint Web Application Pool.
    2. Click Advanced Settings and locate the application pool identity.
    3. Make a note of the application pool identities.
  2. To start the Microsoft Management console, do the following steps:
    1. Click Start, Run.

      The Run dialog appears.

    2. In the Open field, type mmc and then click OK.

      The Microsoft Management console appears.

  3. Expand the console root folder, and then click Certificates — Local Computer.
  4. Locate and right-click your client certificate, then select All Tasks, Manage Private Keys.

    The permissions dialog appears.

  5. Grant each application pool identity that you noted in Step 1 read access to the client certificate.
  6. Repeat Steps 1 through 5 on the SharePoint central administration server and all the WFE servers in your SharePoint farm. For example, if you have one SharePoint central administration server and five WFE servers, perform this procedure six times.

    The permissions are granted. Continue with the next step of registering the claims search service endpoint on all WFE servers.
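As an added example (not part of this guide, and not the product's own tooling), the following Windows PowerShell script performs steps 1 and 5 on one server: it reads the identities of the named application pools from IIS, locates the client certificate's private key file, and grants those identities read-only access. The thumbprint and the application pool names are placeholders; the script assumes a CAPI (RSA) private key stored under MachineKeys, which is the usual case for a certificate imported through the MMC.

```powershell
# Added example: automate steps 1 and 5 of the procedure on the local server.
# Placeholders: the client certificate thumbprint and the protected application pool names.
Import-Module WebAdministration

$Thumbprint        = 'REPLACE_WITH_CLIENT_CERT_THUMBPRINT'      # placeholder
$ProtectedAppPools = @('SharePoint Web Application Pool')      # placeholder list

# Step 1: resolve the identity of each protected application pool (only those pools,
# so that unrelated pools on the server are not granted access to the key).
$identities = Get-ChildItem IIS:\AppPools |
    Where-Object { $ProtectedAppPools -contains $_.Name } |
    ForEach-Object {
        $pm = $_.processModel
        switch ($pm.identityType) {
            'SpecificUser'            { $pm.userName }
            'ApplicationPoolIdentity' { "IIS AppPool\$($_.Name)" }
            'NetworkService'          { 'NT AUTHORITY\NETWORK SERVICE' }
            'LocalService'            { 'NT AUTHORITY\LOCAL SERVICE' }
            'LocalSystem'             { 'NT AUTHORITY\SYSTEM' }
        }
    } | Sort-Object -Unique
if (-not $identities) { throw 'None of the named application pools exist on this server' }

# Locate the certificate in the Local Computer personal store and its private key file.
# Assumption: the key is a CAPI RSA key, so it lives under ProgramData\...\MachineKeys.
$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $Thumbprint }
if (-not $cert)                { throw "Certificate $Thumbprint not found in LocalMachine\My" }
if (-not $cert.HasPrivateKey)  { throw 'Certificate has no private key on this server' }
$keyName = $cert.PrivateKey.CspKeyContainerInfo.UniqueKeyContainerName
$keyPath = Join-Path $env:ProgramData "Microsoft\Crypto\RSA\MachineKeys\$keyName"
if (-not (Test-Path $keyPath)) { throw "Private key file not found: $keyPath" }

# Step 5: add a Read (not Full Control) allow entry for each identity on the key file.
$acl = Get-Acl -Path $keyPath
foreach ($id in $identities) {
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($id, 'Read', 'Allow')
    $acl.AddAccessRule($rule)
}
Set-Acl -Path $keyPath -AclObject $acl

# Check: show the access entries now present on the private key file.
(Get-Acl -Path $keyPath).Access |
    Select-Object IdentityReference, FileSystemRights, AccessControlType
```

Run it in an elevated PowerShell session on each server in turn; the final listing should show each application pool identity with Read rights only, which is the same result the Manage Private Keys dialog produces.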