Generating a new User Certificate
If you do not have an external CA and one is enabled within ADSS Server then the following steps enable you to create a new user certificate using the Manage CAs of ADSS Server if licensed.
- Create a Client Authentication Key by following this URL: Key Manager > Generating New Keys to create the key (allowing the option for key export)
- Create a certificate for this new key by following this URL: Key Manager > Generating Certificates to create the certificate (self-signed certificates are NOT supported for user certificates), export the certificate (*.cer) to enable it to be added as defined here: Adding an User
- In Trust Manager ensure the option "CA for verifying TLS client certificates" is selected for the CA that issued this certificate.
- Export the user key and certificate as a .pfx or .p12 file and install it into your browser.
- You will need to restart the ADSS Server Windows services or Unix Daemons if you have changed the Trust Manager settings.
- Assuming you have been added as an user with a suitable role and you can now login to the ADSS Server console by relaunching the browser.
See also
Generating a new User Certificate
Creating User Accounts & Enabling Dual Control
Set-up Emergency Use Admin Accounts