Integration Server 10.3 | Integration Server Administrator's Guide | Authenticating Clients | Client Certificates | Certificate Mapping | Importing a Certificate (Client or CA Signing Certificate) and Mapping It to a User
 
Importing a Certificate (Client or CA Signing Certificate) and Mapping It to a User
You import client certificates and CA signing certificates through Integration Server Administrator to keep them on file, map them to particular user accounts, and specify how they are to be used.
Keep the following points in mind before importing and mapping certificates:
*If you intend to make an SSL connection between Integration Server and an Internet resource that will serve as a client, you also need to import a copy of the client's SSL signing certificate (CA certificate).
*Although Integration Server supports loading certificates for LDAP users, Software AG recommends using central user management and then configuring LDAP and certificates in My webMethods Server.
The steps for importing client certificates and CA signing certificates are the same, and are described below.
*To import a client certificate and map it to a user
1. Open the Integration Server Administrator if it is not already open.
2. In the Security menu of the Navigation panel, click Certificates.
3. Click Configure Client Certificates.
4. In the Certificate Path field, enter the path and file name of the file that contains the certificate you want to import.
Note:
The certificate must be located on a path that is accessible to Integration Server. That is, the certificate must be on the same machine as Integration Server.
5. In the User field, enter a user or click search icon to search for and select a user.
To search for a user in the User Name dialog box, do one of the following:
*To select a local user, in the Provider list, select Local. Select the local user to which you want to map the certificate.
If an external user directory is not configured, the Provider list does not appear.
*To select a user from an external directory (LDAP or a central user directory), in the Provider list, select the user directory that you want to search. In the Search field, enter the criteria that you want to user to find a user. Click Go. Select the user to which you want to map the certificate.
6. In the Usage list, select the purpose for which you want to import this certificate. Select from one of these options:
*SSL Authentication. Use the certificate to represent the client's authentication credentials when making an SSL connection with Integration Server.
*Verify. Use the certificate's public key to verify the authenticity of documents, messages, or streams originating from the client and containing a digital signature.
*Encrypt. Use the certificate's public key to encrypt outgoing documents, messages, or streams fromIntegration Server to the client.
*Verify and Encrypt. Use the same certificate both to verify the authenticity of documents, messages, or streams originating from the client and containing a digital signature, and to encrypt outgoing documents, messages, or streams fromIntegration Server to the client.
*Message Authentication. Use the certificate to represent the client's authentication credentials when making an SSL connection with Integration Server, when using message-level rather than transport-level authentication (for example, with web service messages whose SOAP message headers contain SSL certificate information).
7. Click Import Certificate.