
Add a Policy Server Signing Certificate to Policy Servers and Create a Trust File

CA SiteMinder signs the WS-Token that it sends to SharePoint, and it needs a certificate with a private key to produce that signature. To provide one, import an existing certificate that contains both the private key and the public key into the Policy Server key store and assign it an alias. Then export the certificate (public key only) to your SharePoint Central Administration server, where it serves as the trust certificate that SharePoint uses to verify the signature on the WS-Token.

The certificate you import is usually supplied in PKCS #12 (Public-Key Cryptography Standards #12) format, which bundles the certificate and its private key in one password-protected file. In the following example, the password protects the PKCS #12 file. Because the file contains the signing private key, treat it as a secret: transfer it over a protected channel, restrict who can read it, and delete spare copies once the import is complete.

Note: On Windows operating environments, a .pfx file is equivalent to a .p12 file.

Follow these steps:

  1. Log on to the Administrative UI.
  2. Add the Policy Server signing certificate to the Policy Servers with the following steps:
    1. Click Infrastructure, X509 Certificate Management, Trusted Certificates and Private Keys.

      The trusted certificates and private keys screen appears.

    2. Click Import New.

      The Import Certificate/Private key wizard starts.

    3. Click the Browse button, navigate to the certificate that you want to import, and then click Next.
    4. Enter the password with which you previously exported the certificate, and then click Next.
    5. Highlight the text in the Alias field, and then type a new Alias for the certificate.
    6. Click Next.
    7. Review the information that is shown on the confirmation screen, and then click Finish.

      The Policy Server signing certificate is added to the central key store on the Policy Servers and appears in the list that is shown on the Administrative UI.

  3. Create a trust certificate for your SharePoint central administration server with the following steps:
    1. Locate the certificate that you imported in Step 2 in the list, identified by the alias that you assigned.
    2. Click the Action drop-down list, and then choose Export.

      The Export Key Store Entry screen appears.

    3. Verify that the following value appears in the format drop-down list:
      X509-DER

    4. Click Export.
    5. Save the certificate to another location.

      The trust certificate for your SharePoint central administration server is created. An X509-DER export contains only the public certificate, never the private key, so this file is safe to copy to other servers; the PKCS #12 file from Step 2 is not.

  4. Copy the certificate that you exported in Step 3 to a directory on your SharePoint central administration server. This certificate is the trust certificate. Do not copy the PKCS #12 file, which contains the private key.
  5. Copy any Certificate Authority (CA) certificates in the certificate chain of the signing certificate to a directory on your SharePoint central administration server.

    Note: The PowerShell script (which the SharePoint connection wizard creates) requires the paths to the following certificates on your SharePoint central administration server:
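The following PowerShell is an added example for checking the files that the procedure above produces; it is not part of the CA SiteMinder documentation or product. The first function runs wherever the exported PKCS #12 file is held before Step 2 and confirms that the file actually carries a private key that can sign. The second runs on the SharePoint central administration server after Step 5 and confirms that the copied trust certificate is the public X509-DER export (not the PKCS #12 file), that it is the same certificate that was imported, and that the copied CA certificates form a complete chain. All file paths, the password and the thumbprint handling are assumptions; substitute your own values.

```powershell
using namespace System.Security.Cryptography.X509Certificates

# Added example, not part of the CA SiteMinder documentation or product.
# Paths, password and thumbprint are assumptions for illustration.

function Test-SigningPkcs12 {
    # Run before Step 2: the PKCS#12 (.p12/.pfx) file must contain the private
    # key the Policy Server signs the WS-Token with, and the certificate must be
    # valid and (if a Key Usage extension is present) allow digital signatures.
    param([string]$Path, [string]$Password)
    $cert = New-Object X509Certificate2($Path, $Password)
    if (-not $cert.HasPrivateKey) { throw "$Path has no private key; the Policy Server cannot sign with it" }
    if ($cert.NotAfter -lt (Get-Date)) { throw "$Path has expired ($($cert.NotAfter))" }
    $ku = $cert.Extensions | Where-Object { $_ -is [X509KeyUsageExtension] }
    if ($ku -and -not ($ku.KeyUsages -band [X509KeyUsageFlags]::DigitalSignature)) {
        throw "$Path key usage ($($ku.KeyUsages)) does not permit digital signatures"
    }
    Write-Host "PKCS#12 OK: $($cert.Subject), valid until $($cert.NotAfter)"
    # Return the thumbprint so the exported trust certificate can be matched to it.
    return $cert.Thumbprint
}

function Test-TrustCertificate {
    # Run on the SharePoint central administration server after Step 5.
    param([string]$Path, [string[]]$CaPaths, [string]$ExpectedThumbprint)
    $trust = New-Object X509Certificate2($Path)
    # An X509-DER export never contains a private key. If this fires, the PKCS#12
    # file was copied instead of the export and must be removed from this server.
    if ($trust.HasPrivateKey) { throw "$Path contains a private key; copy only the X509-DER export" }
    if ($trust.Thumbprint -ne $ExpectedThumbprint) {
        throw "$Path thumbprint $($trust.Thumbprint) does not match the imported signing certificate"
    }
    if ($trust.NotAfter -lt (Get-Date)) { throw "$Path has expired ($($trust.NotAfter))" }

    # Check only that the copied CA files complete the chain. Trust in the root is
    # decided by the machine store, so an unknown root is tolerated here; a missing
    # intermediate (PartialChain) is not.
    $chain = New-Object X509Chain
    $chain.ChainPolicy.RevocationMode = [X509RevocationMode]::NoCheck
    $chain.ChainPolicy.VerificationFlags = [X509VerificationFlags]::AllowUnknownCertificateAuthority
    foreach ($p in $CaPaths) {
        [void]$chain.ChainPolicy.ExtraStore.Add((New-Object X509Certificate2($p)))
    }
    if (-not $chain.Build($trust)) {
        $chain.ChainStatus | ForEach-Object { Write-Host "  $($_.Status): $($_.StatusInformation.Trim())" }
        throw "Could not build the chain for $Path from the copied CA certificates"
    }
    $chain.ChainElements | ForEach-Object { Write-Host "  chain: $($_.Certificate.Subject)" }
    Write-Host "Trust certificate OK ($($chain.ChainElements.Count) certificates in chain)"
    return $true
}

# Usage (assumed paths). On the host holding the exported PKCS#12 file, before Step 2:
#   $thumb = Test-SigningPkcs12 -Path 'C:\certs\siteminder-signing.pfx' -Password 'changeit'
# On the SharePoint central administration server, after Step 5:
#   Test-TrustCertificate -Path 'C:\certs\siteminder-signing.cer' `
#       -CaPaths 'C:\certs\issuing-ca.cer','C:\certs\root-ca.cer' -ExpectedThumbprint $thumb
```

Record the thumbprint printed by the Administrative UI or by `Test-SigningPkcs12` and carry it to the SharePoint server out of band; matching it is what ties the trust file on SharePoint to the key the Policy Server actually signs with, and it catches a stale export from an earlier certificate.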

More information:

Modify the PowerShell Script