Configuring Client Certificates
To configure the XIA Configuration Client to use client certificates in conjunction with Microsoft Internet Information Server (IIS) as a method of two factor authentication, complete the following steps:
- Ensure that the IIS server is configured with a valid SSL certificate
- Ensure that the Connect to server setting on the server settings or server upload uses the appropriate HTTPS address of the server.
- Ensure that the IIS server SSL settings are configured appropriately to either accept or require client certificates
- Determine the name of the service account by viewing the service information.
- Logon as the service account and run mmc.exe or
- or - - Execute the command substituting the service account name
runas /user:"domain\user" "cmd /c mmc" - Accept the UAC prompt if required
- Add the Certificates snap-in and ensure that My user account is selected (using the Service account option is not supported)
- Import the client certificate into the Personal folder for the service user account.
- When imported ensure that the client certificate is within the expiration date and that Client Authentication is one of the intended purposes
- On the advanced settings tab of either the server settings or server upload as appropriate, select the appropriate client certificate