To enable Client Certificate Authentication on IIS 5.x+ you will need to obtain Certification Authority [CA] Certificates, your own Digi-Access™ [1] Client Certificate and setup a local user (or Active Directory Domain) account on a Windows Server that the IIS 5.x+ web server is installed and running on.
2.1 Obtaining and installing the Digi-Access™ Certification Authority Certificates
To obtain the Digi-Access™ Intermediate Certification Authority Certificate, use the following URL:
Digi-Sign CA Digi-Access Xs [3]
Once you save these Certificates to the desktop (or another directory on the hard drive) of the web server machine, then:
To install the Digi-Sign_Root_CA.cer Certificate file:
- Click Next.
- Locate the Digi-Sign_Root_CA.cer Certificate file and click Next.
- When the wizard is completed, click Finish.
To install the Digi-Sign_CA_Digi-Access_Xs.cer:
- Complete the import wizard again, but this time locating the Digi-Sign_CA_Digi-Access_Xs.cer when prompted for the Certificate file.
- Ensure that the Digi-Sign_Root_CA.cer certificate appears under Trusted Root Certification Authorities.
- Ensure that the Digi-Sign_CA_Digi-Access_Xs.cer appears under Intermediate Certification Authorities.
Important: You must now restart the IISAdmin service or reboot the computer to complete the installation.
2.2 Preparing IIS 5.x+ for Digi-Access™ Client Certificate Authentication
To prepare IIS 5.x+ for Digi-Access™ Client Certificate Authentication:
Go to Windows Administrative Tools.
Your IIS 5.x+ web server is now ready to start working with Digi-Access™ Client Certificate Authentication.
Links:
[1] http://www2.digi-sign.com/digi-access
[2] https://www.digi-sign.com/downloads/certificates/dsroot/Digi-Sign_Root_CA.cer
[3] https://www.digi-sign.com/downloads/certificates/digi-access/Digi-Sign_CA_Digi-Access_Xs.cer
[4] http://www2.digi-sign.com/digital+certificate