Obtaining and Installing Client Certificates
You can set up client (personal) certificates to provide user authentication so that users will not have to provide user names and passwords when they access MCS. You must have set up SSL on the MCS server before you can set up client certificates, although you could use the demonstration certificate for this purpose. The demonstration certificate should be used only for testing; it should not be used in a production environment.
For more information about the demonstration certificate, see SSL Certificates.
When you set up client certificate authentication, a client certificate is installed on each client computer and a CA (certificate authority) certificate for that client certificate is installed on the MCS server.
|To obtain and install a client certificate
- After setting up SSL on the MCS server, on each client computer, create and submit a certificate request to a certificate authority (CA).
A separate submission must be made from each client computer.
- When you are notified by the CA that the request has been fulfilled, use the browser to install the certificate on the client computer.
The steps for installing the certificate are different, depending on the browser you use.
- To install the CA certificate for your client certificate on the MCS server or server cluster, in the MCS left pane, point to Services and then click Security.
- In the Security tree, click Security Services.
- In the right pane of the MCS window, click the Security Services Client Certificates tab.
The Security Services Client Certificates page appears in the right pane of the MCS window.
- Choose Add to display a dialog box from which you can select a CA certificate file name.
- Use the Mapping options to map client certificates to user names. The user name looked up in the directory service is the result of applying the specified mapping options to a field in the client certificate. Only the Field option is required.
- Click Save.