Grant Application Pool Identities for SharePoint Web Applications Permissions to the Client Certificate
All application pool identities that are associated with protected SharePoint web applications need read-only permissions to the client certificate. Perform this procedure on all the following servers in your environment:
- Your SharePoint central administration server.
- All web front end (WFE) servers in your SharePoint farm.
Follow these steps:
1. Click Start, Run.
   The Run dialog appears.
2. In the Open field, type mmc and then click OK.
   The Microsoft Management Console appears.
3. Expand the console root folder, and then click Certificates — Local Computer.
   Note: If the Certificates snap-in does not appear, install it.
4. Locate your client certificate. Right-click your client certificate, and then select All Tasks, Manage Private Keys.
   The permissions dialog appears.
5. Locate the application pool identity in IIS Manager, Application Pool Section, and then grant that identity read access to the client certificate.
6. Repeat Step 5 for all other application pool identities.
   The permissions are granted.
7. Repeat Steps 1 through 6 on the SharePoint Central administration server and all the web front-end servers in your SharePoint farm.
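A scripted equivalent of the steps above, useful when the same grant must be repeated on every server in the farm. This is an added example, not part of the product documentation. It assumes an RSA client certificate in the Local Computer Personal store, an elevated PowerShell session, and that you supply the certificate thumbprint and the application pool account names (the sample account name in the comment is constructed).

```powershell
# Added example: grant application pool identities read-only access to the
# private key of the client certificate, then show the resulting ACL.
param(
    [Parameter(Mandatory)] [string]   $Thumbprint,       # thumbprint of your client certificate
    [Parameter(Mandatory)] [string[]] $AppPoolIdentity   # e.g. 'CONTOSO\svc-sp-web' (constructed sample)
)

# Assumption: the certificate is in the Local Computer "Personal" (My) store.
$cert = Get-Item -Path "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction Stop
if (-not $cert.HasPrivateKey) {
    throw "Certificate $Thumbprint has no private key on this server."
}

# Resolve the key container name for either a CNG key or a legacy CSP key.
$rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
if (-not $rsa) { throw "Certificate $Thumbprint does not have an RSA private key." }
if ($rsa -is [System.Security.Cryptography.RSACng]) {
    $keyName = $rsa.Key.UniqueName
} else {
    $keyName = $rsa.CspKeyContainerInfo.UniqueKeyContainerName
}

# Machine private keys live in one of these two directories, depending on the provider.
$keyFile = "$env:ProgramData\Microsoft\Crypto\Keys",
           "$env:ProgramData\Microsoft\Crypto\RSA\MachineKeys" |
    ForEach-Object { Join-Path $_ $keyName } |
    Where-Object   { Test-Path $_ } |
    Select-Object  -First 1
if (-not $keyFile) { throw "Private key file '$keyName' was not found." }

# Add an Allow/Read entry per identity; existing entries are left untouched.
$acl = Get-Acl -Path $keyFile
foreach ($id in $AppPoolIdentity) {
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($id, 'Read', 'Allow')
    $acl.AddAccessRule($rule)
}
Set-Acl -Path $keyFile -AclObject $acl

# Review the result: the application pool identities should hold Read only.
(Get-Acl -Path $keyFile).Access |
    Select-Object IdentityReference, FileSystemRights, AccessControlType |
    Format-Table -AutoSize
```

In the final table, any application pool identity showing FullControl or Modify has more than the read-only access this procedure calls for and should be reduced.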