Add a Policy Server Signing Certificate to Policy Servers and Create a Trust File

CA SiteMinder requires a certificate to sign the WS-Token, which it then sends to SharePoint. To provide the signing certificate for the WS-Token, import an existing certificate that contains both a private key and a public key.

This certificate is usually in Public-Key Cryptography Standards #12 (PKCS#12) format. In the following example, a password protects the PKCS#12 file.

Note: On Windows operating environments, a .pfx file is equivalent to a .p12 file.

Follow these steps:

  1. Open the command prompt on the server where the SiteMinder Policy Server is installed.
  2. Enter the following command to import the certificate:
    smkeytool -addPrivKey -alias alias_name -keycertfile certificate_file_name.p12 -password certificate_private_key_password

    Note: If you want to define aliases for your certificates, the name of the first alias must be defaultenterpriseprivatekey. Subsequent aliases can have any name you want. For more information about the smkeytool command, see the Policy Server Configuration Guide.

    SiteMinder imports the certificate.

  3. If you are using Policy Server clusters, repeat Steps 1 and 2 on each Policy Server in your environment.
  4. From one Policy Server, enter the following command to create a trust certificate file:
    smkeytool -export -alias alias_name -outfile exported_certificate_file_name.cer -type cert

    The trust certificate file that SharePoint requires is created.

  5. Copy the trust certificate to a directory on your SharePoint central administration server.
  6. Copy any certificate authority (CA) certificates in the certificate chain to a directory on your SharePoint central administration server.

    Note: The Powershell script created by the SharePoint connection wizard requires the paths to the following certificates on your SharePoint central administration server:
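The following POSIX shell script is an added example, not part of the CA SiteMinder documentation: before running smkeytool -addPrivKey it confirms with openssl that the PKCS#12 file actually holds a private key, reports how many CA certificates are bundled in the chain (the ones step 6 says to copy), and after smkeytool -export checks that the exported trust certificate carries the public key that matches that private key, so SharePoint ends up trusting the key that really signs the WS-Token. The file names, the password argument and the function names are assumptions; openssl must be on the PATH.

```shell
#!/bin/sh
# Added example (not CA SiteMinder code): openssl pre-flight checks around
# smkeytool -addPrivKey / -export. File names and password handling are assumptions.

# p12_has_private_key FILE PASSWORD
# Succeeds only if the bundle contains a private key (smkeytool -addPrivKey needs one).
p12_has_private_key() {
    openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -nodes 2>/dev/null \
        | grep -q 'PRIVATE KEY'
}

# p12_chain_count FILE PASSWORD
# Prints the number of CA certificates bundled with the end-entity certificate;
# each of these must be copied to the SharePoint central administration server.
p12_chain_count() {
    openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys -cacerts 2>/dev/null \
        | grep -c 'BEGIN CERTIFICATE'
}

# exported_cert_matches_p12 CER_FILE P12_FILE PASSWORD
# Succeeds if the public key in the exported .cer (PEM or DER) equals the public
# key derived from the private key inside the PKCS#12 bundle.
exported_cert_matches_p12() {
    cer_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null \
        || openssl x509 -in "$1" -inform DER -noout -pubkey 2>/dev/null)
    p12_pub=$(openssl pkcs12 -in "$2" -passin "pass:$3" -nocerts -nodes 2>/dev/null \
        | openssl pkey -pubout 2>/dev/null)
    [ -n "$cer_pub" ] && [ "$cer_pub" = "$p12_pub" ]
}

# Usage: sh verify_ws_token_cert.sh signing.p12 'p12-password' exported.cer
if [ $# -eq 3 ]; then
    p12_has_private_key "$1" "$2" || { echo "no private key in $1"; exit 1; }
    echo "CA certificates in chain: $(p12_chain_count "$1" "$2")"
    exported_cert_matches_p12 "$3" "$1" "$2" || { echo "$3 does not match $1"; exit 1; }
    echo "OK: $1 is usable for smkeytool -addPrivKey and $3 matches it"
fi
```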

More information:

Modify the PowerShell Script