The DualShield IIS Agent needs to be connected to the DualShield SSO Server (SSO), which in turn communicates with the DualShield Authentication Server (DAS).
The communication protocol between the DualShield IIS Agent and the SSO Server is HTTPS. Therefore, the DualShield SSO Server has to be trusted by the IIS Agent. If your DualShield SSO Server has a commercial SSL certificate issued by a certificate authority such as GoDaddy, DigiCert, Comodo, Sectigo, etc., then your DualShield SSO Server is automatically trusted by your DualShield IIS Agent. However, if your DualShield SSO Server has a self-signed SSL certificate, then you must import the CA certificate of your DualShield SSO Server into the local Windows certificate store on the server where the DualShield IIS Agent is installed.
Follow the steps below to import the CA certificate of the DualShield SSO Server and test it.
Download CA Certificate
On the machine where the DualShield IIS Agent is installed, launch a web browser and visit the DualShield SSO Server by entering the URL below:
https://dualshield-sso-server-fqdn:8074/sso/ping
* Replace "dualshield-sso-server-fqdn" with the FQDN of your DualShield SSO Server.
Click the certificate warning icon, then click "Certificate (invalid)" to show the certificate.
Now, click the "Certificate Path" tab
Then select the root certificate (which is usually named "ca.xxx.yyy")
Now, click the "Details" tab
Then click the "Copy to File" button.
The "Certificate Export Wizard" will be launched.
Click "Next"
Select the option: "DER encoded binary X.509"
Enter a file name or use "Browse..." to select the folder where the certificate file will be saved.
Click "Finish"
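The certificate exported above was taken from a connection the browser did not yet trust, so it is worth checking the file before adding it to the trusted root store. The PowerShell below is an added example, not part of the DualShield documentation: it confirms the file is a currently valid, self-issued CA certificate whose thumbprint matches a value confirmed separately with the SSO server administrator, imports it into the Local Machine "Trusted Root Certification Authorities" store, and then requests the ping URL. The file path and the expected thumbprint are assumptions to be replaced with your own values.

```powershell
# Added example: inspect the exported root certificate, import it, then test HTTPS.
# Run in an elevated PowerShell session on the server hosting the IIS Agent.
$CertPath           = 'C:\Temp\dualshield-ca.cer'                 # hypothetical path used in the export wizard
$ExpectedThumbprint = 'REPLACE-WITH-THUMBPRINT-FROM-SSO-ADMIN'    # placeholder, confirm out-of-band
$PingUrl            = 'https://dualshield-sso-server-fqdn:8074/sso/ping'  # replace the FQDN as in the steps above

# Strip spaces, colons and case differences so copied thumbprints compare cleanly.
function Normalize-Thumbprint([string]$Value) {
    ($Value -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
}

$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($CertPath)
$bc   = $cert.Extensions['2.5.29.19']    # Basic Constraints extension
$now  = Get-Date

$checks = [ordered]@{
    # A root certificate names itself as issuer.
    SelfIssued      = ($cert.Subject -eq $cert.Issuer)
    # Only a certificate marked as a CA belongs in the root store.
    IsCA            = [bool]($bc -and $bc.CertificateAuthority)
    InValidity      = (($now -ge $cert.NotBefore) -and ($now -le $cert.NotAfter))
    # Thumbprint property is the SHA-1 hash shown in the certificate "Details" tab.
    ThumbprintMatch = ((Normalize-Thumbprint $cert.Thumbprint) -eq (Normalize-Thumbprint $ExpectedThumbprint))
}

$cert | Format-List Subject, Issuer, Thumbprint, NotBefore, NotAfter
$checks

if ($checks.Values -contains $false) {
    Write-Warning 'Certificate failed one or more checks; it was NOT imported.'
}
else {
    Import-Certificate -FilePath $CertPath -CertStoreLocation Cert:\LocalMachine\Root | Out-Null
    try {
        $resp = Invoke-WebRequest -Uri $PingUrl -UseBasicParsing
        "HTTPS connection to the SSO Server succeeded, status $($resp.StatusCode)"
    }
    catch {
        # An exception here means the HTTPS connection still could not be established.
        Write-Warning "Ping request failed: $($_.Exception.Message)"
    }
}
```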