The DualShield IIS Agent needs to be connected to the DualShield SSO Server (SSO) which in turn communicates to the DualShield Authentication Server (DAS). The communication protocol between the DualShield IIS Agent and SSO Server is HTTPS. Therefore, the DualShield SSO Server has to be trusted by the IIS Agent. If your DualShield SSO Server has a commecial commercial SSL certificate issued by a certificate authority such as GoDaddy, DigiCert, Comodo, Sectogo, etc then Sectigo, etc. then your DualShield SSO Server is automatically trusted by your DualShield IIS Agent. However, if your DualShield SSO Server has a self-signed SSL certificate, then you must import the CA certificate of your DualShield SSO Server into the local Windows certificate store on the sever server where the DualShield IIS Agent is installed.
...
Click "Finish"
Install CA Certificate
Now that the CA certificate has been downloaded and saved in the local drive, it needs to be imported into the Windows certificate store.
In the File Explorer, navigate to the folder where the certificate is saved.
Right click on the certificate to bring up the context menu
Select "Install Certificate" in the menu
The Certificate Import Wizard will be launched
Select "Local Machine" as the Store Location
Click "Next"
Select "Place all certificate in the following store"
Click "Browse..." to select the Certificate Store
Select "Trusted Root Certification Authorities"
Click "OK"
Click "Next"
Click "Finish"
Test Certificate
To verify that the CA certificate has been installed correctly, launch a web browser and visit the DualShield SSO Server by entering the URL below:
| Code Block |
|---|
https://dualshield-sso-server-fqdn:8074/sso/ping |
* Replace "dualshield-sso-server-fqdn" with the FQDN of your DualShield SSO Server.
If the CA certificate has been installed correctly, then there will be no certificate warning
You can check it further by clicking on the certificate icon
