API Gateway 10.11 | Administering API Gateway | Deployment | Deployment Configurations | Paired Deployment | Paired Deployment with Integration Server in Green Zone | Importing a Certificate and Mapping to User
 
Importing a Certificate and Mapping to User
You can import client certificates and CA signing certificates through Integration Server Administrator to keep them on file, map them to particular user accounts, and specify how they are to be used. The user mapping to the certificate must be performed on the external server.
Keep the following points in mind before importing and mapping certificates:
*To create an SSL connection between Integration Server and an internet resource that serves as a client, you have to import a copy of the client's SSL signing certificate (CA certificate).
*Although Integration Server supports loading certificates for LDAP users, Software AG recommends using central user management and then configuring LDAP and certificates in My webMethods Server.
*To import a client certificate and map it to a user
1. Open the Integration Server Administrator.
2. Navigate to Security > Certificates.
3. Click Configure Client Certificates.
The Configure Client Certificates window is displayed.
4. Type the path of the certificate that you want to import, in the Certificate Path field.
Note:
The certificate must be on the same machine on which the Integration Server is running.
5. Type a user name or click search icon to search for and select a user.
To search a user, perform one of the following tasks, once you click the search icon:
*To select a local user, select Local in the Provider list. Select the local user to which you want to map the certificate. If you have not configured an external user directory, you cannot view the Provider list.
*To select a user from an external directory (LDAP or a central user directory), select the user directory that you want to search, in the Provider list. In the Search field, type the criteria to find a user and click Go. Select the user to whom you want to map the certificate.
6. Select one of the following options from the Usage field.
*SSL Authentication. Use the certificate to represent the client's authentication credentials when making an SSL connection with Integration Server.
*Verify. Use the certificate's public key to verify the authenticity of documents, messages, or streams originating from the client and containing a digital signature.
*Encrypt. Use the certificate's public key to encrypt outgoing documents, messages, or streams from Integration Server to the client.
*Verify and Encrypt. Use the same certificate to verify the authenticity of documents, messages, or streams originating from the client and containing a digital signature, and to encrypt outgoing documents, messages, or streams from Integration Server to the client.
*Message Authentication. Use the certificate to represent the client's authentication credentials when making an SSL connection with Integration Server, when using message-level rather than transport-level authentication. For example, with web service messages whose SOAP message headers contain SSL certificate information.
7. Click Import Certificate.