
Request a Client Certificate

A mutual trust relationship between the following components is required for secure communications:

The first step in creating this relationship is requesting a client authentication certificate. This certificate is installed on all SharePoint web front-end (WFE) servers. The client authentication certificate allows the ClaimsWS service to verify the identities of the WFE servers.

Several third-party tools are available for creating certificates. This procedure provides one possible example using Active Directory Certificate Services and IIS 7.

If your organization uses different tools or procedures to create client certificates, use those tools or procedures instead.

If you already have a client authentication certificate, skip this procedure.
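
One way to check whether a WFE server already holds a suitable certificate, as an added example that is not part of the original procedure. It assumes the certificate would be in the local machine personal store (`Cert:\LocalMachine\My`) and uses a 30-day validity margin; the function name `Get-ClientAuthCandidate` is hypothetical.

```powershell
# Added example (not from the original page). Lists certificates that could
# serve as the client authentication certificate on this WFE server.
function Get-ClientAuthCandidate {     # hypothetical helper name
    param(
        [string]$StorePath = 'Cert:\LocalMachine\My',  # assumed store location
        [int]$MinDaysValid = 30,                       # assumed renewal margin
        [string]$ClientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU
    )
    $now = Get-Date
    foreach ($cert in Get-ChildItem -Path $StorePath) {
        # Collect the EKU OIDs; a certificate may carry no EKU extension at all.
        $ekuOids = @()
        foreach ($ext in $cert.Extensions) {
            if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
                foreach ($oid in $ext.EnhancedKeyUsages) { $ekuOids += $oid.Value }
            }
        }

        # Record every reason the certificate would not work for client authentication.
        $problems = @()
        if ($ekuOids -notcontains $ClientAuthOid) { $problems += 'no Client Authentication EKU' }
        if (-not $cert.HasPrivateKey)             { $problems += 'no private key' }
        if ($cert.NotBefore -gt $now)             { $problems += 'not yet valid' }
        if ($cert.NotAfter -lt $now.AddDays($MinDaysValid)) {
            $problems += "expires within $MinDaysValid days"
        }

        [pscustomobject]@{
            Subject      = $cert.Subject
            FriendlyName = $cert.FriendlyName
            Thumbprint   = $cert.Thumbprint
            NotAfter     = $cert.NotAfter
            Usable       = ($problems.Count -eq 0)
            Problems     = ($problems -join '; ')
        }
    }
}

# Run on each WFE server; rows with Usable = True are existing candidates.
Get-ClientAuthCandidate |
    Format-Table Subject, FriendlyName, NotAfter, Usable, Problems -AutoSize
```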

Follow these steps:

  1. Open a Web browser (from a system running an IIS web server).
  2. Navigate to the following URL:
    https://fully_qualified_domain_name_of_server_running_active_directory_certificate_services/certsrv
    

    An example of such a URL is http://certificateauthority.example.com/certsrv.

  3. Click Request a certificate.

    The Request a certificate screen appears.

  4. Click the advanced certificate request link.
  5. Click the Create and submit a request to this CA link.

    An Advanced Certificate Request form appears.

  6. Complete the form, using the following examples as a guide:
    Name: SiteMinderClaimsProvider
    E-Mail: admin@support.example.com
    Company: Example
    Department: Support
    City: your_city
    State: your_state
    Country/Region: your_country
    Type of Certificate Needed: Client Authentication Certificate
    Mark keys as exportable: ENABLED
    Friendly Name: SiteMinderClaimsProvider
    

    Note: Under the type of certificate needed drop-down list, verify that Client Authentication Certificate appears.

  7. Click Submit.

    A confirmation dialog appears.

  8. Click Yes.

    The request is submitted.

  9. Note the following items for future reference: