The DualShield IIS Agent communicates with the SSO Server over HTTPS. Therefore, the DualShield SSO Server has to be trusted by the IIS Agent. If your DualShield SSO Server has a commercial SSL certificate issued by a certificate authority such as GoDaddy, DigiCert, Comodo, Sectigo, etc., then your DualShield SSO Server is automatically trusted by your DualShield IIS Agent. However, if your DualShield SSO Server has a self-signed SSL certificate, then you must import the CA certificate of your DualShield SSO Server into the local Windows certificate store on the server where the DualShield IIS Agent is installed.

Follow the steps below to import the CA certificate of the DualShield SSO Server and test it.

Download CA Certificate

On the machine where the DualShield IIS Agent is installed, launch a web browser and visit the DualShield SSO Server by entering the URL below:


https://dualshield-sso-server-fqdn:8074/sso/ping

* Replace "dualshield-sso-server-fqdn" with the FQDN of your DualShield SSO Server.

Click the certificate warning icon, then click "Certificate (invalid)" to show the certificate.

Now, click the "Certificate Path" tab

Then select the root certificate (usually named "ca.xxx.yyy")

Now, click the "Details" tab

Then click the "Copy to File" button.

The "Certificate Export Wizard" will be launched.

Click "Next"

Select the option: "DER encoded binary X.509" 

Enter a file name or use "Browse..." to select the folder where the certificate file will be saved.

Click "Finish"

Install CA Certificate

Now that the CA certificate has been downloaded and saved to the local drive, it needs to be imported into the Windows certificate store.

In the File Explorer, navigate to the folder where the certificate is saved.

Right click on the certificate to bring up the context menu

Select "Install Certificate" in the menu

The Certificate Import Wizard will be launched

Select "Local Machine" as the Store Location

Click "Next"

Select "Place all certificates in the following store"

Click "Browse..." to select the Certificate Store

Select "Trusted Root Certification Authorities"

Click "OK"

Click "Next"

Click "Finish"

Test Certificate

To verify that the CA certificate has been installed correctly, launch a web browser and visit the DualShield SSO Server by entering the URL below:

https://dualshield-sso-server-fqdn:8074/sso/ping

* Replace "dualshield-sso-server-fqdn" with the FQDN of your DualShield SSO Server.


If the CA certificate has been installed correctly, then there will be no certificate warning.

You can check it further by clicking on the certificate icon

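The Install and Test steps above can also be run from an elevated PowerShell prompt on the IIS Agent server. The script below is an added example, not part of the DualShield product or its documentation. The file path and the expected thumbprint are placeholders (assumptions); it assumes you have confirmed the CA thumbprint with the administrator of the DualShield server, and it refuses to import until that value matches.

```powershell
#Requires -RunAsAdministrator
# Added example: scripted form of "Install CA Certificate" and "Test Certificate".
# Assumed values (not from the original page): $CertFile and $ExpectedTp.
$CertFile   = 'C:\Temp\dualshield-ca.cer'       # assumed path of the exported DER file
$SsoFqdn    = 'dualshield-sso-server-fqdn'      # replace with your SSO Server FQDN
$ExpectedTp = '<CA-THUMBPRINT-CONFIRMED-OUT-OF-BAND>'   # placeholder, fill in before running
$ErrorActionPreference = 'Stop'

# Load the exported file and show exactly what is about to be trusted machine-wide.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CertFile
$cert | Format-List Subject, Issuer, NotAfter, Thumbprint

# The root entry of the Certificate Path tab is self-issued (Subject equals Issuer).
if ($cert.Subject -ne $cert.Issuer) {
    throw 'This is not the root certificate. Export the top entry of the Certificate Path tab.'
}

# Warn if the certificate does not declare itself a CA in its basic constraints.
$bc = $cert.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]
}
if (-not ($bc -and $bc.CertificateAuthority)) {
    Write-Warning 'Certificate has no CA basic constraint; confirm it is the intended CA.'
}

# Compare against the thumbprint obtained out of band (spaces and colons are ignored).
$expected = ($ExpectedTp -replace '[^0-9A-Fa-f]', '').ToUpper()
if ($cert.Thumbprint -ne $expected) {
    throw "Thumbprint mismatch: file has $($cert.Thumbprint). Nothing was imported."
}

# Same result as the wizard: Local Machine > Trusted Root Certification Authorities.
Import-Certificate -FilePath $CertFile -CertStoreLocation Cert:\LocalMachine\Root | Out-Null
if (-not (Test-Path "Cert:\LocalMachine\Root\$($cert.Thumbprint)")) {
    throw 'Certificate was not found in LocalMachine\Root after import.'
}

# Test step: the request only succeeds if Windows now trusts the server's chain.
try {
    $r = Invoke-WebRequest -Uri "https://${SsoFqdn}:8074/sso/ping" -UseBasicParsing
    "TLS trust OK, HTTP status $($r.StatusCode)"
} catch {
    "Request failed: $($_.Exception.Message)"
}
```

A failure message mentioning the SSL/TLS trust relationship means the chain is still not trusted; any other message points to a connectivity or HTTP-level problem rather than the certificate.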