Adding an Operator to ADSS Server
The following steps enable you to create a new ADSS Server operator. This assumes the operator already has a client TLS certificate that will be used to authenticate them to ADSS Server and provide a secure TLS/TLS protected session:
- Ensure the Issuer CA for the operator's client TLS certificate has been defined within Trust Manager and that the option "CA for verifying TLS client certificates" has been selected (this tells Tomcat to trust this CA for operator access). If this CA has just been added to Trust Manager for the first time then ADSS Server must be fully restarted by restarting the Windows services (or the UNIX daemons) to ensure the running Tomcat instance has this change otherwise the TLS certificate will not be accepted. Restarting all services and all configurations in ADSS Service Manager is not sufficient.
- Create a new operator using the Manage Operators option of the Access Control section.
- In the certificate field, click browse to locate the digital certificate that will be used to identify this operator's TLS connection to the console.
- If you are going to try to logon locally, logout from ADSS Server and close all IE browser instances.
- Launch the IE browser once again and select the new operator's certificate for TLS client authentication.
- Note that in order to use FireFox the operator certificate must be configured in its local store.
- The new operator can now log into the ADSS Server console and use the privileges defined within their assigned role.
- Global Settings > Miscellaneous options defines whether operator and other certificates are to have their status checked.
See also
Starting & Stopping ADSS Server
Accessing the ADSS Server Console
Adding an Operator to ADSS Server
Managing Backups
Managing Disk Space
Upgrading ADSS Server
Checking PKCS11 HSM Functionality
Trace Logs Export Utility