AD RMS Microsoft Federation Gateway Support Installation and Configuration Guide... 3 About this guide... 3

Size: px
Start display at page:

Download "AD RMS Microsoft Federation Gateway Support Installation and Configuration Guide... 3 About this guide... 3"

Transcription

1 Contents AD RMS Microsoft Federation Gateway Support Installation and Configuration Guide... 3 About this guide... 3 Microsoft Federation Gateway Support Overview... 4 Deploying and Configuring Microsoft Federation Gateway Support... 4 Checklist: Deploying Microsoft Federation Gateway Support... 5 Important considerations for installing AD RMS Microsoft Federation Gateway Support... 6 Adding Microsoft Federation Gateway Support Enrolling and Enabling Microsoft Federation Gateway Support Managing Microsoft Federation Gateway Support Managing Licensing Domains Managing Publishing Domains Managing Microsoft Federation Gateway Support Certificates About Microsoft Federation Gateway Support Certificates Updating the Token Decryption Certificate Updating the Microsoft Federation Gateway Certificate Setting the Microsoft Federation Gateway Support RAC Validity Period Disabling Microsoft Federation Gateway Support Terminating the Federation Relationship

2 Removing Microsoft Federation Gateway Support

3 AD RMS Microsoft Federation Gateway Support Installation and Configuration Guide Microsoft Federation Gateway Support is a new feature of Active Directory Rights Management Services (AD RMS) introduced in Service Pack 1 (SP1) for Windows Server 2008 R2. Microsoft Federation Gateway Support enables an AD RMS cluster to federate to the Microsoft Federation Gateway, which acts as a trusted broker between organizations. By establishing these federation relationships, organizations can configure such applications as Microsoft Exchange Server 2010 with SP1 to be able to create messages that are secured by AD RMS and yet can still be accessed by users who belong to an external organization. Important Because of changes to the Microsoft Federation Gateway service, if you installed a prerelease version of Windows Server 2008 R2 SP1 and federated with the Microsoft Federation Gateway, you must terminate the federation with the Microsoft Federation Gateway and then enroll with the Microsoft Federation Gateway again. For more information, see Terminating the Federation Relationship and Enrolling and Enabling Microsoft Federation Gateway Support. This change must also be made on any federation partner, such as servers running Microsoft Exchange Server 2010 SP1, that were federated with the Microsoft Federation Gateway during the Windows Server 2008 R2 SP1 beta release period. For information about creating a federated trust between a Microsoft Exchange 2010 organization and the Microsoft Federation Gateway, see Create a Federation Trust ( About this guide This guide is intended for AD RMS administrators who want to federate their AD RMS clusters with an external organization by using the Microsoft Federation Gateway. By following the checklist provided in this guide, you should be able to deploy Microsoft Federation Gateway Support on your AD RMS cluster and configure it to establish a federated relationship with one or more external organizations. This guide also provides information on managing Microsoft Federation Gateway Support and removing Microsoft Federation Gateway Support when it is no longer required. This guide contains the following subjects: Microsoft Federation Gateway Support Overview Deploying and Configuring Microsoft Federation Gateway Support Managing Microsoft Federation Gateway Support Removing Microsoft Federation Gateway Support 3

4 Microsoft Federation Gateway Support Overview The Microsoft Federation Gateway is an identity service that runs over the Internet and mediates between an organization or business and the external services that the organization wants to use. The gateway connects users and other identities to the services that it works with, so that an organization only has to manage a single identity-federation relationship to enable its identities to access all Microsoft and Microsoft-based services they want to use. The Microsoft Federation Gateway provides applications with a simple, standards-based method of establishing trust between separate organizations that uses SSL certificates to prove domain ownership. Because the organizations federate with the gateway instead of with each other, it is much easier for an organization to establish trust relationships with multiple partners than is possible when it uses conventional one-on-one federation or other trust relationships. The scope of Active Directory Rights Management Services (AD RMS) federation can be easily controlled by creating allow or deny lists of users and domains for licensing and by specifying the domains that can receive publishing licenses. This guarantees that only appropriate organizations are given access to protected information. Microsoft Federation Gateway Support in Windows Server 2008 R2 Service Pack 1 (SP1) enables AD RMS to federate with the Microsoft Federation Gateway to authenticate users for certification and licensing. For example, Microsoft Exchange Server 2010 SP1 is designed to take advantage of this capability by enabling messages protected by AD RMS to be sent between organizations that do not share an Active Directory Domain Services (AD DS) infrastructure. When the Exchange Server 2010 SP1 infrastructure is configured to take advantage of these features, users can send AD RMS protected messages to recipients outside the sender s organization, and those recipients can then view the messages by using Exchange Server 2010 Outlook Web App. Also, senders can grant permission to recipient organizations that use Exchange Server 2010 SP1 permission to decrypt content for such purposes as journaling and malware scanning. For more information about the Microsoft Federation Gateway, see Microsoft Federation Gateway ( on MSDN. For more information about how to deploy Microsoft Federation Gateway Support on AD RMS, see Deploying and Configuring Microsoft Federation Gateway Support. Deploying and Configuring Microsoft Federation Gateway Support The topics in this section are designed to help you add Microsoft Federation Gateway Support to your Active Directory Rights Management Services (AD RMS) cluster. Some tasks, such as adding the Microsoft Federation Gateway Support service to an AD RMS server, are performed on each server in an Other tasks configure the entire cluster and need only be 4

5 performed on a single server in the cluster. Follow the steps in Checklist: Deploying Microsoft Federation Gateway Support to ensure that you perform each task correctly in the proper order. This section contains the following topics: Checklist: Deploying Microsoft Federation Gateway Support Adding Microsoft Federation Gateway Support Enrolling and Enabling Microsoft Federation Gateway Support Checklist: Deploying Microsoft Federation Gateway Support The following steps in this checklist describe the tasks required to install and configure Microsoft Federation Gateway Support on an Active Directory Rights Management Services (AD RMS) cluster. For more information about Microsoft Federation Gateway, see Microsoft Federation Gateway Support Overview. 1. If you have not already done so, on each server in the cluster assign a secure sockets layer (SSL) certificate to the Web site that is hosting the AD RMS cluster and configure the cluster to use SSL-encrypted connections. The certificate must be from a certification authority that is trusted by the Microsoft Federation Gateway. For more information, see Important considerations for installing AD RMS Microsoft Federation Gateway Support. 2. If you have rights policy templates that grant user rights to Anyone, you should consider modifying them to prevent granting rights to external users who are authenticated through the Microsoft Federation Gateway. For information on changing a rights policy template, see Edit a Rights Policy Template. 3. In order to ensure that you can recover your AD RMS cluster in case of a problem, you should back up your AD RMS databases. The AD RMS databases have names that begin with the DRMS_ prefix. The method and procedure you use to back up the databases will depend on the server on which they are stored and the procedure that you typically follow to back up the server databases. 4. On each server of the AD RMS cluster, install Service Pack 1 for Windows Server 2008 R2 and then add Microsoft Federation Gateway Support to each server in the cluster by following the instructions in Adding Microsoft Federation Gateway Support. 5. On one server in the AD RMS cluster, enroll the cluster with the Microsoft Federation Gateway and then enable Microsoft Federation Gateway Support by following the instructions in Enrolling and Enabling Microsoft Federation Gateway Support. Caution Before uninstalling Service Pack 1 for Windows Server 2008 R2, you must remove Microsoft Federation Gateway Support from the Failure to do this may cause an inconsistent configuration of your For more information, see Removing Microsoft Federation Gateway Support. 5

6 Important considerations for installing AD RMS Microsoft Federation Gateway Support The following is a list of things that should be considered before you install AD RMS with Microsoft Federation Gateway: The AD RMS cluster must be configured to use an SSL-encrypted connection that uses a certificate that the Microsoft Federation Gateway trusts. To prove your ownership of the domain that you want to federate with the Microsoft Federation Gateway, you must own the X.509 SSL certificate for that domain. It must be from one of the trusted root certification authorities (CAs) that are configured in the Microsoft Federation Gateway. The following table lists those CAs. CA certificate friendly name Issued to Intended purposes Entrust ( Go Daddy Class 2 Certification Authority ( Network Solutions ( VeriSign Class 3 Public Primary CA ( Entrust.net Secure Server Certification Authority Go Daddy Class 2 Certification Authority Network Solutions Certificate Authority Class 3 Public Primary Certification Authority Server authentication, client authentication, code signing, secure messaging, IP security tunnel termination, Internet Protocol security (IPsec) user, Internet Protocol security (IPsec) Internet Key Exchange (IKE) intermediate, time stamping, file-system encryption Server authentication, client authentication, secure messaging, code signing Server authentication, client authentication, secure messaging, code signing, time stamping Secure messaging, client authentication, code signing, server authentication 6

7 VeriSign VeriSign Class 3 Public Primary Certification Authority VeriSign Trust Network Secure messaging, client authentication, code signing, server authentication Secure messaging, client authentication, code signing, server authentication VeriSign VeriSign Class 3 Public Primary Certification Authority - G5 Server authentication, client authentication, secure messaging, code signing The SSL certificate that you use to enroll with the Microsoft Federation Gateway must be a certificate that shows ownership of the AD RMS cluster's extranet URL. If the AD RMS cluster is configured with an intranet URL that is different from the extranet URL and if the intranet URL is not a domain name that can be accessed from the Internet, you must install the SSL certificate associated with the extranet URL on this AD RMS server and then select that certificate when enrolling with the Microsoft Federation Gateway. If the SSL certificate contains a subject alternate name (SAN), the last entry in the SAN list must be the fully qualified domain name of the domain you want to enroll with the Microsoft Federation Gateway. To avoid conflicts, you should not enroll your AD RMS cluster with the Microsoft Federation Gateway by using the same URL that has been used to federate another resource with the Microsoft Federation Gateway. Other federated relationships to the Microsoft Federation Gateway can include (but are not limited to) federations to Microsoft Online and Microsoft Exchange Server. If you have already used the URL that your AD RMS cluster uses as its external URL to federate with the Microsoft Federation Gateway for another purpose, you must enroll the AD RMS cluster with the Microsoft Federation Gateway by creating and using a certificate that contains the AD RMS URL as the last entry in the SAN and with a common name (CN) that is not the same as the registered resource. For example, if the DNS name of your AD RMS server is resource.contoso.com, and if that name has already been used by another resource that has been federated to the Microsoft Federation Gateway, you can create a certificate in the following format to avoid federation conflicts: Subject: CN=adrmsservice.contoso.com SAN: DNS Name=adrmsservice.contoso.com DNS Name=resource.contoso.com The virtual directories that are created for use by Microsoft Federation Gateway Support use Because of this, your firewall must be configured to enable data to pass through. Note, however, that the transactions for Microsoft Federation Gateway Support use message-level security. 7

8 Adding Microsoft Federation Gateway Support Windows Server 2008 R2 with Service Pack 1 (SP1) must be installed on every server in your Active Directory Rights Management Services (AD RMS) cluster before you can add Microsoft Federation Gateway Support to the servers in your cluster. Membership in the AD RMS Enterprise Administrators and the local Administrators group, or equivalent, is the minimum required to complete this procedure. Important Before adding Microsoft Federation Gateway Support, back up the AD RMS configuration database. To add Microsoft Federation Gateway Support 1. Log on to a server in the 2. Open the Active Directory Rights Management Services console and expand the 3. In the console tree, click Trust Policies, and then in the Actions pane, click Add Microsoft Federation Gateway Support. 4. When the Microsoft Federation Gateway wizard appears, click Next. 5. Click Finish. 6. Repeat steps 1-5 on all other servers in the Caution Before uninstalling Service Pack 1 for Windows Server 2008 R2, you must remove Microsoft Federation Gateway Support from the Failure to do this may cause an inconsistent configuration of your For more information, see Removing Microsoft Federation Gateway Support. Checklist: Deploying Microsoft Federation Gateway Support Enrolling and Enabling Microsoft Federation Gateway Support In order to use the Microsoft Federation Gateway, after you add Microsoft Federation Gateway Support, you must enroll your Active Directory Rights Management Services (AD RMS) cluster with the Microsoft Federation Gateway. After this, you must configure and enable Microsoft Federation Gateway Support. The following procedure explains this process. 8

9 Membership in the AD RMS Enterprise Administrators and the local Administrators group, or equivalent, is the minimum required to complete this procedure. To enroll the AD RMS cluster and enable Microsoft Federation Gateway Support 1. Log on to a server in the 2. Open the Active Directory Rights Management Services console and expand the 3. In the console tree, expand Trust Policies, and then click Microsoft Federation Gateway Support. 4. In the Actions pane, click Configure Microsoft Federation Gateway Support. 5. When the Enroll Cluster with the Microsoft Federation Gateway wizard appears, verify that the SSL certificate is the correct certificate that proves domain ownership for enrolling with the Microsoft Federation Gateway. If it is not, click Browse to select the correct certificate. For information about which certificate to select, see Important considerations for installing AD RMS Microsoft Federation Gateway Support. 6. Click Next, and then click Finish. 7. On all servers in the AD RMS cluster, do the following. a. Open the Active Directory Rights Management Services console and expand the b. In the console tree, expand Trust Policies, and then click Microsoft Federation Gateway Support. c. In the Actions pane, click Grant permissions to token decryption certificate on this server. Note If this link is not present in the Actions pane, the necessary permission has already been granted on this server. 8. Perform the following tasks, as needed: Setting the Microsoft Federation Gateway Support RAC Validity Period Managing Licensing Domains Managing Publishing Domains 9. In the Actions pane, click Enable Microsoft Federation Gateway Support. Deploying and Configuring Microsoft Federation Gateway Support 9

10 Managing Microsoft Federation Gateway Support After you enroll your Active Directory Rights Management Services (AD RMS) cluster with Microsoft Federation Gateway Support, there is little additional management required, other than what is required to maintain the list of external organizations that can receive licenses from the Also, it may be occasionally necessary to manage the certificates that Microsoft Federation Gateway Support uses. To establish or terminate a trust relationship with an external organization, you manage two lists of domains, the Microsoft Federation Gateway Support licensing and publishing domains. The list of licensing domains consists of the user and domain names owned by external organizations that you want to allow AD RMS to issue licenses to or that you want to prevent from receiving licenses from your The list of publishing domains contains the domain names that you want your AD RMS cluster to issue publishing licenses to. For more information about AD RMS licenses, see Understanding AD RMS certificates. AD RMS Microsoft Federation Gateway Support relies on two certificates to ensure the authenticity of the parties of the federated relationship between AD RMS and the external organizations whose identities are brokered by the Microsoft Federation Gateway. These certificates are the cluster SSL certificate that AD RMS uses as the token decryption certificate, the Microsoft Federation Gateway certificate that verifies the identity of the Microsoft Federation Gateway to the AD RMS cluster, and the rights account certificate (RAC) that AD RMS issues to identify a user who attempts to open rights-protected content. You can update the token decryption certificate (when the cluster SSL certificate is about to expire, for example) and the Microsoft Federation Gateway certificate, and you can change the length of time that AD RMS will recognize RACs that are issued to federated users. Finally, you can control how Microsoft Federation Gateway Support functions by temporarily disabling Microsoft Federation Gateway Support, or you can terminate the federation relationship between the AD RMS cluster and the Microsoft Federation Gateway altogether. This section provides information and instructions to help you with the following management tasks: Managing Licensing Domains Managing Publishing Domains Managing Microsoft Federation Gateway Support Certificates Disabling Microsoft Federation Gateway Support Terminating the Federation Relationship 10

11 Managing Licensing Domains You can control the federated domains that the Active Directory Rights Management Services (AD RMS) cluster will provide licenses to. You can do this either by specifying the users and domains that can receive licenses, or by specifying the users and domains that will be blocked from receiving licenses. Membership in the local AD RMS Enterprise Administrators, or equivalent, is the minimum required to complete this procedure. To allow or block domains for licensing 1. Log on to a server in the 2. Open the Active Directory Rights Management Services snap-in and expand the 3. Expand Trust Policies, and then click Microsoft Federation Gateway Support. 4. In the results pane, click Manage Microsoft Federation Gateway Support. 5. In the Microsoft Federation Gateway Support dialog box, click the Licensing Domains tab. 6. Do one of the following: Click Allow to specify which users and domains will be permitted receive licenses from the Click Block to specify which users and domains will not be permitted to receive licenses from the 7. To add a user or domain to the list, in the box type the user s address in the form or domain name in the form domain.com, and then click Add. You can also use an asterisk (*) to specify all users and domains. 8. To remove a user or domain from the list, select the user s address or the domain, and then click Remove. 9. Click OK. Managing Microsoft Federation Gateway Support Managing Publishing Domains You can control the federated domains that the Active Directory Rights Management Services (AD RMS) cluster will provide publishing licenses to. Membership in the AD RMS Enterprise Administrators and the local Administrators group, or equivalent, is the minimum required to complete this procedure. 11

12 To allow domains for publishing 1. Log on to a server in the 2. Open the Active Directory Rights Management Services snap-in and expand the 3. Expand Trust Policies, and then click Microsoft Federation Gateway Support. 4. In the results pane, click Manage Microsoft Federation Gateway Support. 5. In the Microsoft Federation Gateway Support dialog box, click the Publishing Domains tab. 6. To add a domain to the list, in the box type the domain name, and then click Add. You can also use an asterisk (*) to specify all domains. 7. To remove a domain from the list, select the domain, and then click Remove. 8. Click OK. Managing Microsoft Federation Gateway Support Managing Microsoft Federation Gateway Support Certificates The certificates used by Microsoft Federation Gateway Support rarely require management, occasionally circumstances might arise which require you to update a certificate or change how long rights account certificates (RACs) will be recognized. The topics in this section will help you perform these occasional tasks. This section contains the following topics: About Microsoft Federation Gateway Support Certificates Updating the Token Decryption Certificate Updating the Microsoft Federation Gateway Certificate Setting the Microsoft Federation Gateway Support RAC Validity Period About Microsoft Federation Gateway Support Certificates This topic describes the certificates used by Microsoft Federation Gateway Support and briefly explains why you might need to manage them and how to do so. When you add Microsoft Federation Gateway Support to the servers in your Active Directory Rights Management Services (AD RMS) cluster and enroll the cluster with the Microsoft 12

13 Federation Gateway, two certificates are exchanged between your AD RMS cluster and the Microsoft Federation Gateway: a token decryption certificate and the Microsoft Federation Gateway certificate. The token decryption certificate is an X.509 certificate that the AD RMS cluster uses to establish its identity to the Microsoft Federation Gateway. The Microsoft Federation Gateway uses this certificate when encrypting the security tokens that it sends to your The token decryption certificate is the SSL certificate that you specify when you enroll your AD RMS cluster with the Microsoft Federation Gateway. Typically, the certificate that you specify as the token signing certificate is the SSL certificate that you use to configure the SSL ( URL for the If you use different SSL connections for your intranet and extranet URLs, you must use the SSL certificate used to configure the extranet URL. Whenever you change the certificate that you use to configure the external URL of the AD RMS, you must immediately update the Microsoft Federation Gateway Support token decryption certificate. The Microsoft Federation Gateway certificate is the certificate that the AD RMS cluster receives from the Microsoft Federation Gateway when the cluster is enrolled with the Microsoft Federation Gateway. The Microsoft Federation Gateway uses this certificate to sign the tokens that it sends to the Normally, it is not necessary to update this certificate manually unless your Microsoft Federation Gateway cluster is unable to do so automatically. A third type of certificate that affects how Microsoft Federation Gateway Support operates is the rights account certificate (RAC). A standard RAC identifies a user by account credentials in the context of a specific computer or device and has a validity time measured in number of days. The default validity time for a standard RAC is 365 days. Because your organization might have different requirements for RACs issued to internal users and RACs issued to external (federated) users, you can change the default validity time for RACs issued by your AD RMS cluster to users federated through the Microsoft Federation Gateway. Enrolling and Enabling Microsoft Federation Gateway Support Updating the Token Decryption Certificate Updating the Microsoft Federation Gateway Certificate Setting the Microsoft Federation Gateway Support RAC Validity Period Updating the Token Decryption Certificate You can update the token decryption certificate, as needed. Because the token decryption certificate is the SSL certificate for the Active Directory Rights Management Services (AD RMS) cluster, you must update the token decryption certificate if you change the cluster SSL certificate, for example before it is about to expire. After you update the token decryption certificate, you 13

14 must grant the AD RMS Services group permission to access the certificate on all servers in the Membership in the AD RMS Enterprise Administrators and the local Administrators group, or equivalent, is the minimum required to complete this procedure. To update the token decryption certificate 1. Log on to a server in the 2. Open the Active Directory Rights Management Services snap-in and expand the 3. Expand Trust Policies, and then click Microsoft Federation Gateway Support. 4. In the pane, click Configure Microsoft Federation Gateway settings. 5. In the Enroll Cluster with Microsoft Federation Gateway wizard, click Update Microsoft Federation Gateway Settings, select Update Token Decryption Certificate, and then click Browse. 6. In the Select Certificate dialog box, select the SSL certificate of the AD RMS cluster, and then click Select. For information about which certificate to select, see Important considerations for installing AD RMS Microsoft Federation Gateway Support. 7. Click Next, and then click Finish. 8. On all servers in the AD RMS cluster, do the following. a. Open the Active Directory Rights Management Services console and expand the b. In the console tree, expand Trust Policies, and then click Microsoft Federation Gateway Support. c. In the Actions pane, click Grant permissions to token decryption certificate on this server. Note If this link is not present in the Actions pane, the necessary permission has already been granted on this server. About Microsoft Federation Gateway Support Certificates Managing Microsoft Federation Gateway Support Certificates Enrolling and Enabling Microsoft Federation Gateway Support 14

15 Updating the Microsoft Federation Gateway Certificate You can update the Microsoft Federation Gateway certificate, as needed. Normally, you do not need to update this certificate unless your Active Directory Rights Management Services (AD RMS) is unable to do so automatically. Membership in the AD RMS Enterprise Administrators and the local Administrators group, or equivalent, is the minimum required to complete this procedure. To update the Microsoft Federation Gateway certificate 1. Log on to a server in the 2. Open the Active Directory Rights Management Services snap-in and expand the 3. Expand Trust Policies, and then click Microsoft Federation Gateway Support. 4. In the pane, click Configure Microsoft Federation Gateway settings. 5. In the Enroll Cluster with Microsoft Federation Gateway wizard, click Update Microsoft Federation Gateway Settings, select Update Microsoft Federation Gateway Certificate, and then click Next. 6. Click Finish. About Microsoft Federation Gateway Support Certificates Managing Microsoft Federation Gateway Support Certificates Enrolling and Enabling Microsoft Federation Gateway Support Setting the Microsoft Federation Gateway Support RAC Validity Period If your organization has different needs for how long rights account certificates (RACs) issued to internal and external (federated) users remain valid, you can configure how long the Microsoft Federation Gateway Support RAC remains valid. Membership in the local AD RMS Enterprise Administrators, or equivalent, is the minimum required to complete this procedure. To set the Microsoft Federation Gateway Support RAC validity period 15

16 1. Log on to a server in the 2. Open the Active Directory Rights Management Services snap-in and expand the 3. Expand Trust Policies, and then click Microsoft Federation Gateway Support. 4. In the results pane, click Manage Microsoft Federation Gateway Support. 5. In the Microsoft Federation Gateway Support dialog box, in Microsoft Federation Gateway RAC validity period (days), select or type the number of days you want the RAC to remain valid, and then click OK. About Microsoft Federation Gateway Support Certificates Managing Microsoft Federation Gateway Support Certificates Disabling Microsoft Federation Gateway Support You can disable the Microsoft Federation Gateway Support service on a server, for example if you are preparing to remove Active Directory Rights Management Services (AD RMS) from the server. Membership in the AD RMS Enterprise Administrators and the local Administrators group, or equivalent, is the minimum required to complete this procedure. To disable Microsoft Federation Gateway Support 1. Log on to a server in the 2. Open the Active Directory Rights Management Services snap-in console and expand the 3. In the Actions pane, click Disable Microsoft Federation Gateway Support. Managing Microsoft Federation Gateway Support Terminating the Federation Relationship When the Active Directory Rights Management Services (AD RMS) cluster is enrolled with the Microsoft Federation Gateway, you can discontinue the enrollment without disabling Microsoft Federation Gateway Support. You can enroll again with the Microsoft Federation Gateway later. 16

17 Membership in the AD RMS Enterprise Administrators and the local Administrators group, or equivalent, is the minimum required to complete this procedure. To terminate the federation relationship 1. Log on to a server in the 2. Open the Active Directory Rights Management Services snap-in and expand the 3. Expand Trust Policies, and then click Microsoft Federation Gateway Support. 4. In the Actions pane, click Configure Microsoft Federation Gateway settings. 5. In the Enroll Cluster with Microsoft Federation Gateway wizard, click Terminate Federation Relationship, and then verify that the SSL certificate is the correct certificate for enrolling with the Microsoft Federation Gateway. If it is not, click Browse to select the correct certificate. 6. Click Next, and then click Finish. Managing Microsoft Federation Gateway Support Enrolling and Enabling Microsoft Federation Gateway Support Removing Microsoft Federation Gateway Support If you no longer want to use Microsoft Federation Gateway Support in Active Directory Rights Management Services (AD RMS), you can remove Microsoft Federation Gateway Support from your AD RMS cluster Caution Before uninstalling Service Pack 1 for Windows Server 2008 R2, you must remove Microsoft Federation Gateway Support from the Failure to do this may cause an inconsistent configuration of your Membership in the AD RMS Enterprise Administrators and the local Administrators group, or equivalent, is the minimum required to complete this procedure. To remove Microsoft Federation Gateway Support 1. Log on to a server in the 2. Open the Active Directory Rights Management Services snap-in console and expand the 3. In the Actions pane, click Configure Microsoft Federation Gateway settings. 4. In the Enroll Cluster with Microsoft Federation Gateway wizard, click Terminate 17

18 Federation Relationship, and then verify that the SSL certificate is the certificate that was used to enroll with the Microsoft Federation Gateway. If it is not, click Browse to select the correct certificate. 5. Click Next, and then click Finish. 6. In the tree, click Trust Policies, and then in the Action pane, click Remove Microsoft Federation Gateway Support. 7. In the Microsoft Federation Gateway Support wizard, click Next, and then click Finish. 8. Repeat steps 6 and 7 on all other servers in the AD RMS cluster before uninstalling Service Pack 1 for Windows Server 2008 R2 from those servers. Managing Microsoft Federation Gateway Support 18

Setting Up SSL on IIS6 for MEGA Advisor

Setting Up SSL on IIS6 for MEGA Advisor Setting Up SSL on IIS6 for MEGA Advisor Revised: July 5, 2012 Created: February 1, 2008 Author: Melinda BODROGI CONTENTS Contents... 2 Principle... 3 Requirements... 4 Install the certification authority

More information

AD RMS Step-by-Step Guide

AD RMS Step-by-Step Guide AD RMS Step-by-Step Guide Microsoft Corporation Published: March 2008 Author: Brian Lich Editor: Carolyn Eller Abstract This step-by-step guide provides instructions for setting up a test environment to

More information

HTTP communication between Symantec Enterprise Vault and Clearwell E- Discovery

HTTP communication between Symantec Enterprise Vault and Clearwell E- Discovery Securing HTTP communication between Symantec Enterprise Vault and Clearwell E- Discovery Requesting and Applying an SSL Certificate to secure communication ion from Clearwell E-Discovery to Enterprise

More information

AD RMS Windows Server 2008 to Windows Server 2008 R2 Migration and Upgrade Guide... 2 About this guide... 2

AD RMS Windows Server 2008 to Windows Server 2008 R2 Migration and Upgrade Guide... 2 About this guide... 2 Contents AD RMS Windows Server 2008 to Windows Server 2008 R2 Migration and Upgrade Guide... 2 About this guide... 2 Preparing for the migration or upgrade of an AD RMS cluster... 2 Checklist: Preparing

More information

Security IIS Service Lesson 6

Security IIS Service Lesson 6 Security IIS Service Lesson 6 Skills Matrix Technology Skill Objective Domain Objective # Configuring Certificates Configure SSL security 3.6 Assigning Standard and Special NTFS Permissions Enabling and

More information

6421B: How to Install and Configure DirectAccess

6421B: How to Install and Configure DirectAccess Demonstration Overview Introduction In preparation for this demonstration, the following computers have been configured: NYC-DC1 is an Active Directory Domain Services (AD DS) domain controller and DNS

More information

How to Install Microsoft Mobile Information Server 2002 Server ActiveSync. Joey Masterson

How to Install Microsoft Mobile Information Server 2002 Server ActiveSync. Joey Masterson How to Install Microsoft Mobile Information Server 2002 Server ActiveSync Joey Masterson How to Install Microsoft Mobile Information Server 2002 Server ActiveSync Joey Masterson Copyright Information

More information

S/MIME on Good for Enterprise MS Online Certificate Status Protocol. Installation and Configuration Notes. Updated: October 08, 2014

S/MIME on Good for Enterprise MS Online Certificate Status Protocol. Installation and Configuration Notes. Updated: October 08, 2014 S/MIME on Good for Enterprise MS Online Certificate Status Protocol Installation and Configuration Notes Updated: October 08, 2014 Installing the Online Responder service... 1 Preparing the environment...

More information

Authentication in XenMobile 8.6 with a Focus on Client Certificate Authentication

Authentication in XenMobile 8.6 with a Focus on Client Certificate Authentication Authentication in XenMobile 8.6 with a Focus on Client Certificate Authentication Authentication is about security and user experience and balancing the two goals. This document describes the authentication

More information

Configuring Security Features of Session Recording

Configuring Security Features of Session Recording Configuring Security Features of Session Recording Summary This article provides information about the security features of Citrix Session Recording and outlines the process of configuring Session Recording

More information

TS Gateway Step-By-Step Guide

TS Gateway Step-By-Step Guide TS Gateway Step-By-Step Guide Microsoft Corporation Published: December 2007 Modified: July 2008 Abstract Terminal Services Gateway (TS Gateway) is a new role service available to users of the Microsoft

More information

ADFS Integration Guidelines

ADFS Integration Guidelines ADFS Integration Guidelines Version 1.6 updated March 13 th 2014 Table of contents About This Guide 3 Requirements 3 Part 1 Configure Marcombox in the ADFS Environment 4 Part 2 Add Relying Party in ADFS

More information

App Orchestration 2.0

App Orchestration 2.0 App Orchestration 2.0 Configuring NetScaler Load Balancing and NetScaler Gateway for App Orchestration Prepared by: Christian Paez Version: 1.0 Last Updated: December 13, 2013 2013 Citrix Systems, Inc.

More information

Installing Windows Rights Management Services with Service Pack 2 Step-by- Step Guide

Installing Windows Rights Management Services with Service Pack 2 Step-by- Step Guide Installing Windows Rights Management Services with Service Pack 2 Step-by- Step Guide Microsoft Corporation Published: October 2006 Author: Brian Lich Editor: Carolyn Eller Abstract This step-by-step guide

More information

App Orchestration 2.5

App Orchestration 2.5 Configuring NetScaler 10.5 Load Balancing with StoreFront 2.5.2 and NetScaler Gateway for Prepared by: James Richards Last Updated: August 20, 2014 Contents Introduction... 3 Configure the NetScaler load

More information

WHITE PAPER Citrix Secure Gateway Startup Guide

WHITE PAPER Citrix Secure Gateway Startup Guide WHITE PAPER Citrix Secure Gateway Startup Guide www.citrix.com Contents Introduction... 2 What you will need... 2 Preparing the environment for Secure Gateway... 2 Installing a CA using Windows Server

More information

Step-by-Step Guide for Setting Up VPN-based Remote Access in a

Step-by-Step Guide for Setting Up VPN-based Remote Access in a Page 1 of 41 TechNet Home > Products & Technologies > Server Operating Systems > Windows Server 2003 > Networking and Communications Step-by-Step Guide for Setting Up VPN-based Remote Access in a Test

More information

BT Office Anywhere Configuring Mobile Outlook Email Synchronisation with Exchange Server

BT Office Anywhere Configuring Mobile Outlook Email Synchronisation with Exchange Server BT Office Anywhere Configuring Mobile Outlook Email Synchronisation with Exchange Server Contents Page 1 Introduction 3 2 Skill Level 3 3 Requirements 4 4 Enabling Outlook Email on the Mobile Device 5

More information

Creating and Deploying Active Directory Rights Management Services Templates Step-by-Step Guide

Creating and Deploying Active Directory Rights Management Services Templates Step-by-Step Guide Creating and Deploying Active Directory Rights Management Services Templates Step-by-Step Guide Microsoft Corporation Published: January 2008 Author: Brian Lich Editor: Carolyn Eller Abstract This step-by-step

More information

Unifying Information Security. Implementing TLS on the CLEARSWIFT SECURE Email Gateway

Unifying Information Security. Implementing TLS on the CLEARSWIFT SECURE Email Gateway Unifying Information Security Implementing TLS on the CLEARSWIFT SECURE Email Gateway Contents 1 Introduction... 3 2 Understanding TLS... 4 3 Clearswift s Application of TLS... 5 3.1 Opportunistic TLS...

More information

Deploying Remote Desktop Connection Broker with High Availability Step-by-Step Guide

Deploying Remote Desktop Connection Broker with High Availability Step-by-Step Guide Deploying Remote Desktop Connection Broker with High Availability Step-by-Step Guide Microsoft Corporation Published: May 2010 Abstract This guide describes the steps for configuring Remote Desktop Connection

More information

Active Directory integration with CloudByte ElastiStor

Active Directory integration with CloudByte ElastiStor Active Directory integration with CloudByte ElastiStor Prerequisite Change the time and the time zone of the Active Directory Server to the VSM time and time zone. Enabling Active Directory at VSM level

More information

Outlook Web Access Guide to Installing Root Certificates, Generating CSR and Installing SSL Certificate

Outlook Web Access Guide to Installing Root Certificates, Generating CSR and Installing SSL Certificate Outlook Web Access Guide to Installing Root Certificates, Generating CSR and Installing SSL Certificate Copyright. All rights reserved. Trustis Limited Building 273 New Greenham Park Greenham Common Thatcham

More information

RoomWizard Synchronization Software Manual Installation Instructions

RoomWizard Synchronization Software Manual Installation Instructions 2 RoomWizard Synchronization Software Manual Installation Instructions Table of Contents Exchange Server Configuration... 4 RoomWizard Synchronization Software Installation and Configuration... 5 System

More information

Step-by-Step Guide for Creating and Testing Connection Manager Profiles in a Test Lab

Step-by-Step Guide for Creating and Testing Connection Manager Profiles in a Test Lab Step-by-Step Guide for Creating and Testing Connection Manager Profiles in a Test Lab Microsoft Corporation Published: May, 2005 Author: Microsoft Corporation Abstract This guide describes how to create

More information

Using etoken for Securing E-mails Using Outlook and Outlook Express

Using etoken for Securing E-mails Using Outlook and Outlook Express Using etoken for Securing E-mails Using Outlook and Outlook Express Lesson 15 April 2004 etoken Certification Course Securing Email Using Certificates Unprotected emails can be easily read and/or altered

More information

Clearswift Information Governance

Clearswift Information Governance Clearswift Information Governance Implementing the CLEARSWIFT SECURE Encryption Portal on the CLEARSWIFT SECURE Email Gateway Version 1.10 02/09/13 Contents 1 Introduction... 3 2 How it Works... 4 3 Configuration

More information

Step-by-Step Guide for Setting Up VPN-based Remote Access in a Test Lab

Step-by-Step Guide for Setting Up VPN-based Remote Access in a Test Lab Página 1 de 54 Step-by-Step Guide for Setting Up VPN-based Remote Access in a Test Lab This guide provides detailed information about how you can use five computers to create a test lab with which to configure

More information

Entrust Managed Services PKI. Configuring secure LDAP with Domain Controller digital certificates

Entrust Managed Services PKI. Configuring secure LDAP with Domain Controller digital certificates Entrust Managed Services Entrust Managed Services PKI Configuring secure LDAP with Domain Controller digital certificates Document issue: 1.0 Date of issue: October 2009 Copyright 2009 Entrust. All rights

More information

Step By Step Guide: Demonstrate DirectAccess in a Test Lab

Step By Step Guide: Demonstrate DirectAccess in a Test Lab Step By Step Guide: Demonstrate DirectAccess in a Test Lab Microsoft Corporation Published: May 2009 Updated: October 2009 Abstract DirectAccess is a new feature in the Windows 7 and Windows Server 2008

More information

Exchange 2010 PKI Configuration Guide

Exchange 2010 PKI Configuration Guide Exchange 2010 PKI Configuration Guide Overview 1. Summary 2. Environment 3. Configuration a) Active Directory Configuration b) CA Configuration c) Exchange Server IIS Configuration d) Exchange Configuration

More information

RSA envision Windows Eventing Collector Service Deployment Overview Guide

RSA envision Windows Eventing Collector Service Deployment Overview Guide RSA envision Windows Eventing Collector Service Deployment Overview Guide Contact Information Go to the RSA corporate web site for regional Customer Support telephone and fax numbers: www.rsa.com Trademarks

More information

Integration Guide. Microsoft Active Directory Rights Management Services (AD RMS) Microsoft Windows Server 2008

Integration Guide. Microsoft Active Directory Rights Management Services (AD RMS) Microsoft Windows Server 2008 Integration Guide Microsoft Active Directory Rights Management Services (AD RMS) Microsoft Windows Server 2008 Integration Guide: Microsoft Active Directory Rights Management Services (AD RMS) Imprint

More information

Avaya one X Portal 1.1.3 Lightweight Directory Access Protocol (LDAP) over Secure Socket Layer (SSL) Configuration

Avaya one X Portal 1.1.3 Lightweight Directory Access Protocol (LDAP) over Secure Socket Layer (SSL) Configuration Avaya one X Portal 1.1.3 Lightweight Directory Access Protocol (LDAP) over Secure Socket Layer (SSL) Configuration This document provides configuration steps for Avaya one X Portal s 1.1.3 communication

More information

Configuring Global Protect SSL VPN with a user-defined port

Configuring Global Protect SSL VPN with a user-defined port Configuring Global Protect SSL VPN with a user-defined port Version 1.0 PAN-OS 5.0.1 Johan Loos johan@accessdenied.be Global Protect SSL VPN Overview This document gives you an overview on how to configure

More information

Chapter 2 Editor s Note:

Chapter 2 Editor s Note: [Editor s Note: The following content was excerpted from the free ebook The Tips and Tricks Guide to Securing Windows Server 2003 (Realtimepublishers.com) written by Roberta Bragg and available at http://www.netiq.com/offers/ebooks.]

More information

Deploying Remote Desktop IP Virtualization Step-by-Step Guide

Deploying Remote Desktop IP Virtualization Step-by-Step Guide Deploying Remote Desktop IP Virtualization Step-by-Step Guide Microsoft Corporation Updated: April 2010 Published: July 2009 Abstract Remote Desktop IP Virtualization provides administrators the ability

More information

VeriSign PKI Client Government Edition v 1.5. VeriSign PKI Client Government. VeriSign PKI Client VeriSign, Inc. Government.

VeriSign PKI Client Government Edition v 1.5. VeriSign PKI Client Government. VeriSign PKI Client VeriSign, Inc. Government. END USER S GUIDE VeriSign PKI Client Government Edition v 1.5 End User s Guide VeriSign PKI Client Government Version 1.5 Administrator s Guide VeriSign PKI Client VeriSign, Inc. Government Copyright 2010

More information

Advanced Administration

Advanced Administration BlackBerry Enterprise Service 10 BlackBerry Device Service Version: 10.2 Advanced Administration Guide Published: 2014-09-10 SWD-20140909133530796 Contents 1 Introduction...11 About this guide...12 What

More information

Deploying Personal Virtual Desktops by Using RemoteApp and Desktop Connection Step-by-Step Guide

Deploying Personal Virtual Desktops by Using RemoteApp and Desktop Connection Step-by-Step Guide c623242f-20f0-40fe-b5c1-8412a094fdc7 Deploying Personal Virtual Desktops by Using RemoteApp and Desktop Connection Step-by-Step Guide Microsoft Corporation Published: June 2009 Updated: April 2010 Abstract

More information

Creating and Issuing the Workstation Authentication Certificate Template on the Certification Authority

Creating and Issuing the Workstation Authentication Certificate Template on the Certification Authority In this post we will see the steps for deploying the client certificate for windows computers. This post is a part of Deploy PKI Certificates for SCCM 2012 R2 Step by Step Guide. In the previous post we

More information

How to use mobilecho with Microsoft Forefront Threat Management Gateway (TMG)

How to use mobilecho with Microsoft Forefront Threat Management Gateway (TMG) How to use mobilecho with Microsoft Forefront Threat Management Gateway (TMG) Introduction Understanding Forefront Threat Management Gateway (TMG) Network Topology Understanding Forefront Threat Management

More information

Thales nshield HSM. ADRMS Integration Guide for Windows Server 2008 and Windows Server 2008 R2. www.thales-esecurity.com

Thales nshield HSM. ADRMS Integration Guide for Windows Server 2008 and Windows Server 2008 R2. www.thales-esecurity.com Thales nshield HSM ADRMS Integration Guide for Windows Server 2008 and Windows Server 2008 R2 www.thales-esecurity.com Version: 1.0 Date: 11 June 2012 Copyright 2012 Thales e-security Limited. All rights

More information

Owner of the content within this article is www.isaserver.org Written by Marc Grote www.it-training-grote.de

Owner of the content within this article is www.isaserver.org Written by Marc Grote www.it-training-grote.de Owner of the content within this article is www.isaserver.org Written by Marc Grote www.it-training-grote.de Microsoft Forefront TMG How to use SQL Server 2008 Express Reporting Services Abstract In this

More information

Microsoft Office Web Apps Server 2013 Integration with SharePoint 2013 Setting up Load Balanced Office Web Apps Farm with SSL (HTTPS)

Microsoft Office Web Apps Server 2013 Integration with SharePoint 2013 Setting up Load Balanced Office Web Apps Farm with SSL (HTTPS) Microsoft Office Web Apps Server 2013 Integration with SharePoint 2013 Setting up Load Balanced Office Web Apps Farm with SSL (HTTPS) December 25 th, 2015 V.1.0 Prepared by: Manoj Karunarathne MCT, MCSA,

More information

External Authentication with Citrix Secure Gateway - Presentation server Authenticating Users Using SecurAccess Server by SecurEnvoy

External Authentication with Citrix Secure Gateway - Presentation server Authenticating Users Using SecurAccess Server by SecurEnvoy External Authentication with Citrix Secure Gateway - Presentation server Authenticating Users Using SecurAccess Server by SecurEnvoy Contact information SecurEnvoy www.securenvoy.com 0845 2600010 1210

More information

WatchGuard Mobile User VPN Guide

WatchGuard Mobile User VPN Guide WatchGuard Mobile User VPN Guide Mobile User VPN establishes a secure connection between an unsecured remote host and a protected network over an unsecured network using Internet Protocol Security (IPSec).

More information

Windows Mobile SSL Certificates

Windows Mobile SSL Certificates Windows Mobile SSL Certificates Configuring Security Enhanced Communication on Exchange Server 2003 SP2 or 2007 with Windows Mobile Powered Devices White Paper Published: May 2007 For the latest information,

More information

Cox Managed CPE Services. RADIUS Authentication for AnyConnect VPN Version 1.3 [Draft]

Cox Managed CPE Services. RADIUS Authentication for AnyConnect VPN Version 1.3 [Draft] Cox Managed CPE Services RADIUS Authentication for AnyConnect VPN Version 1.3 [Draft] September, 2015 2015 by Cox Communications. All rights reserved. No part of this document may be reproduced or transmitted

More information

HOTPin Integration Guide: DirectAccess

HOTPin Integration Guide: DirectAccess 1 HOTPin Integration Guide: DirectAccess Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document is provided 'as is'; Celestix assumes no responsibility

More information

NSi Mobile Installation Guide. Version 6.2

NSi Mobile Installation Guide. Version 6.2 NSi Mobile Installation Guide Version 6.2 Revision History Version Date 1.0 October 2, 2012 2.0 September 18, 2013 2 CONTENTS TABLE OF CONTENTS PREFACE... 5 Purpose of this Document... 5 Version Compatibility...

More information

Mobility Manager 9.0. Installation Guide

Mobility Manager 9.0. Installation Guide Mobility Manager 9.0 Installation Guide LANDESK MOBILITY MANAGER Copyright 2002-2012, LANDesk Software, Inc. and its affiliates. All rights reserved. LANDesk and its logos are registered trademarks or

More information

Using Entrust certificates with VPN

Using Entrust certificates with VPN Entrust Managed Services PKI Using Entrust certificates with VPN Document issue: 1.0 Date of issue: May 2009 Copyright 2009 Entrust. All rights reserved. Entrust is a trademark or a registered trademark

More information

F-Secure Messaging Security Gateway. Deployment Guide

F-Secure Messaging Security Gateway. Deployment Guide F-Secure Messaging Security Gateway Deployment Guide TOC F-Secure Messaging Security Gateway Contents Chapter 1: Deploying F-Secure Messaging Security Gateway...3 1.1 The typical product deployment model...4

More information

RSA Security Analytics

RSA Security Analytics RSA Security Analytics Event Source Log Configuration Guide Microsoft Windows using Eventing Collection Last Modified: Thursday, July 30, 2015 Event Source Product Information: Vendor: Microsoft Event

More information

ADFS for. LogMeIn and join.me authentication

ADFS for. LogMeIn and join.me authentication ADFS for LogMeIn and join.me authentication ADFS for join.me authentication This step-by-step guide walks you through the process of configuring ADFS for join.me authentication. Set-up Overview 1) Prerequisite:

More information

Microsoft Dynamics CRM Server 2011 software requirements

Microsoft Dynamics CRM Server 2011 software requirements Microsoft Dynamics CRM Server 2011 software requirements This section lists the software and application requirements for Microsoft Dynamics CRM Server 2011. Windows Server operating system: Microsoft

More information

ECA IIS Instructions. January 2005

ECA IIS Instructions. January 2005 ECA IIS Instructions January 2005 THIS PAGE INTENTIONALLY BLANK ECA IIS Instructions ii July 22, 2005 Table of Contents 1. Install Certificate in IIS 5.0... 1 2. Obtain and Install the ECA Root Certificate

More information

Installing and Configuring vcenter Multi-Hypervisor Manager

Installing and Configuring vcenter Multi-Hypervisor Manager Installing and Configuring vcenter Multi-Hypervisor Manager vcenter Server 5.1 vcenter Multi-Hypervisor Manager 1.1 This document supports the version of each product listed and supports all subsequent

More information

Step-by-Step Guide for Microsoft Advanced Group Policy Management 4.0

Step-by-Step Guide for Microsoft Advanced Group Policy Management 4.0 Step-by-Step Guide for Microsoft Advanced Group Policy Management 4.0 Microsoft Corporation Published: September 2009 Abstract This step-by-step guide describes a sample scenario for installing Microsoft

More information

Tenrox. Single Sign-On (SSO) Setup Guide. January, 2012. 2012 Tenrox. All rights reserved.

Tenrox. Single Sign-On (SSO) Setup Guide. January, 2012. 2012 Tenrox. All rights reserved. Tenrox Single Sign-On (SSO) Setup Guide January, 2012 2012 Tenrox. All rights reserved. About this Guide This guide provides a high-level technical overview of the Tenrox Single Sign-On (SSO) architecture,

More information

Wavecrest Certificate

Wavecrest Certificate Wavecrest InstallationGuide Wavecrest Certificate www.wavecrest.net Copyright Copyright 1996-2015, Wavecrest Computing, Inc. All rights reserved. Use of this product and this manual is subject to license.

More information

WhatsUp Gold v16.3 Installation and Configuration Guide

WhatsUp Gold v16.3 Installation and Configuration Guide WhatsUp Gold v16.3 Installation and Configuration Guide Contents Installing and Configuring WhatsUp Gold using WhatsUp Setup Installation Overview... 1 Overview... 1 Security considerations... 2 Standard

More information

MadCap Software. Upgrading Guide. Pulse

MadCap Software. Upgrading Guide. Pulse MadCap Software Upgrading Guide Pulse Copyright 2014 MadCap Software. All rights reserved. Information in this document is subject to change without notice. The software described in this document is furnished

More information

ISA Server Plugins Setup Guide

ISA Server Plugins Setup Guide ISA Server Plugins Setup Guide Secure Web (Webwasher) Version 1.3 Copyright 2008 Secure Computing Corporation. All rights reserved. No part of this publication may be reproduced, transmitted, transcribed,

More information

DIGIPASS CertiID. Getting Started 3.1.0

DIGIPASS CertiID. Getting Started 3.1.0 DIGIPASS CertiID Getting Started 3.1.0 Disclaimer Disclaimer of Warranties and Limitations of Liabilities The Product is provided on an 'as is' basis, without any other warranties, or conditions, express

More information

Introduction to the EIS Guide

Introduction to the EIS Guide Introduction to the EIS Guide The AirWatch Enterprise Integration Service (EIS) provides organizations the ability to securely integrate with back-end enterprise systems from either the AirWatch SaaS environment

More information

Setting up LDAP settings for LiveCycle Workflow Business Activity Monitor

Setting up LDAP settings for LiveCycle Workflow Business Activity Monitor Adobe Enterprise & Developer Support Knowledge Article ID: c4715 bc Setting up LDAP settings for LiveCycle Workflow Business Activity Monitor In addition to manually creating users and user permissions,

More information

Document Classification: Public Document Name: SAPO Trust Centre - Generating a SSL CSR for IIS with SAN Document Reference:

Document Classification: Public Document Name: SAPO Trust Centre - Generating a SSL CSR for IIS with SAN Document Reference: SAPO Trust Centre - Generating a SSL CSR for IIS with SAN 1. Open Certificate MMC snap in for your computer 2. Click on Start > Run > MMC > File >Add/Remove Snap In > Select Certificates > Click Add >

More information

Group Management Server User Guide

Group Management Server User Guide Group Management Server User Guide Table of Contents Getting Started... 3 About... 3 Terminology... 3 Group Management Server is Installed what do I do next?... 4 Installing a License... 4 Configuring

More information

Installation and Configuration Guide

Installation and Configuration Guide Entrust Managed Services PKI Auto-enrollment Server 7.0 Installation and Configuration Guide Document issue: 1.0 Date of Issue: July 2009 Copyright 2009 Entrust. All rights reserved. Entrust is a trademark

More information

BlackBerry Enterprise Service 10. Universal Device Service Version: 10.2. Administration Guide

BlackBerry Enterprise Service 10. Universal Device Service Version: 10.2. Administration Guide BlackBerry Enterprise Service 10 Universal Service Version: 10.2 Administration Guide Published: 2015-02-24 SWD-20150223125016631 Contents 1 Introduction...9 About this guide...10 What is BlackBerry

More information

How to Configure a Secure Connection to Microsoft SQL Server

How to Configure a Secure Connection to Microsoft SQL Server How to Configure a Secure Connection to Microsoft SQL Server 1993-2015 Informatica Corporation. No part of this document may be reproduced or transmitted in any form, by any means (electronic, photocopying,

More information

Step-by-step installation guide for monitoring untrusted servers using Operations Manager (Part 1 of 3)

Step-by-step installation guide for monitoring untrusted servers using Operations Manager (Part 1 of 3) Step-by-step installation guide for monitoring untrusted servers using Operations Manager (Part 1 of 3) Most of the time through Operations Manager, you may require to monitor servers and clients that

More information

How to Logon with Domain Credentials to a Server in a Workgroup

How to Logon with Domain Credentials to a Server in a Workgroup How to Logon with Domain Credentials to a Server in a Workgroup Johan Loos johan@accessdenied.be Version 1.0 Authentication Overview Basically when you logon to a Windows Server you can logon locally using

More information

Secure Web Appliance. SSL Intercept

Secure Web Appliance. SSL Intercept Secure Web Appliance SSL Intercept Table of Contents 1. Introduction... 1 1.1. About CYAN Secure Web Appliance... 1 1.2. About SSL Intercept... 1 1.3. About this Manual... 1 1.3.1. Document Conventions...

More information

Erado Archiving & Setup Instruction Microsoft Exchange 2007 Push Journaling

Erado Archiving & Setup Instruction Microsoft Exchange 2007 Push Journaling Erado Archiving & Setup Instruction Microsoft Exchange 2007 Push Journaling This document covers the following Microsoft Exchange Server Editions Microsoft Exchange Enterprise Edition 2007 Microsoft Exchange

More information

Configuration Guide. BES12 Cloud

Configuration Guide. BES12 Cloud Configuration Guide BES12 Cloud Published: 2016-04-08 SWD-20160408113328879 Contents About this guide... 6 Getting started... 7 Configuring BES12 for the first time...7 Administrator permissions you need

More information

Step-by-step installation guide for monitoring untrusted servers using Operations Manager ( Part 3 of 3)

Step-by-step installation guide for monitoring untrusted servers using Operations Manager ( Part 3 of 3) Step-by-step installation guide for monitoring untrusted servers using Operations Manager ( Part 3 of 3) Manual installation of agents and importing the SCOM certificate to the servers to be monitored:

More information

DESLock+ Basic Setup Guide Version 1.20, rev: June 9th 2014

DESLock+ Basic Setup Guide Version 1.20, rev: June 9th 2014 DESLock+ Basic Setup Guide Version 1.20, rev: June 9th 2014 Contents Overview... 2 System requirements:... 2 Before installing... 3 Download and installation... 3 Configure DESLock+ Enterprise Server...

More information

Microsoft Corporation. Project Server 2010 Installation Guide

Microsoft Corporation. Project Server 2010 Installation Guide Microsoft Corporation Project Server 2010 Installation Guide Office Asia Team 11/4/2010 Table of Contents 1. Prepare the Server... 2 1.1 Install KB979917 on Windows Server... 2 1.2 Creating users and groups

More information

SETUP SSL IN SHAREPOINT 2013 (USING SELF-SIGNED CERTIFICATE)

SETUP SSL IN SHAREPOINT 2013 (USING SELF-SIGNED CERTIFICATE) 12/15/2012 WALISYSTEMSINC.COM SETUP SSL IN SHAREPOINT 2013 (USING SELF-SIGNED CERTIFICATE) Setup SSL in SharePoint 2013 In the last article (link below), you learned how to setup SSL in SharePoint 2013

More information

HELP DOCUMENTATION E-SSOM DEPLOYMENT GUIDE

HELP DOCUMENTATION E-SSOM DEPLOYMENT GUIDE HELP DOCUMENTATION E-SSOM DEPLOYMENT GUIDE Copyright 1998-2013 Tools4ever B.V. All rights reserved. No part of the contents of this user guide may be reproduced or transmitted in any form or by any means

More information

Introduction to Directory Services

Introduction to Directory Services Introduction to Directory Services Overview This document explains how AirWatch integrates with your organization's existing directory service such as Active Directory, Lotus Domino and Novell e-directory

More information

Installing Policy Patrol on a separate machine

Installing Policy Patrol on a separate machine Policy Patrol 3.0 technical documentation July 23, 2004 Installing Policy Patrol on a separate machine If you have Microsoft Exchange Server 2000 or 2003 it is recommended to install Policy Patrol on the

More information

Configuration Task 3: (Optional) As part of configuration, you can deploy rules. For more information, see "Deploy Inbox Rules" below.

Configuration Task 3: (Optional) As part of configuration, you can deploy rules. For more information, see Deploy Inbox Rules below. Configure the E-mail Router After the E-mail Router has been installed, you can configure several aspects of it. Some of these configuration tasks are mandatory. Others are optional in that you use them

More information

Deploying F5 with Microsoft Active Directory Federation Services

Deploying F5 with Microsoft Active Directory Federation Services F5 Deployment Guide Deploying F5 with Microsoft Active Directory Federation Services This F5 deployment guide provides detailed information on how to deploy Microsoft Active Directory Federation Services

More information

http://docs.trendmicro.com

http://docs.trendmicro.com Trend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice. Before installing and using the product, please review the readme files,

More information

Tool Tip. SyAM Management Utilities and Non-Admin Domain Users

Tool Tip. SyAM Management Utilities and Non-Admin Domain Users SyAM Management Utilities and Non-Admin Domain Users Some features of SyAM Management Utilities, including Client Deployment and Third Party Software Deployment, require authentication credentials with

More information

Customer Tips. Xerox Network Scanning HTTP/HTTPS Configuration using Microsoft IIS. for the user. Purpose. Background

Customer Tips. Xerox Network Scanning HTTP/HTTPS Configuration using Microsoft IIS. for the user. Purpose. Background Xerox Multifunction Devices Customer Tips June 5, 2007 This document applies to these Xerox products: X WC Pro 232/238/245/ 255/265/275 for the user Xerox Network Scanning HTTP/HTTPS Configuration using

More information

Server Installation Guide ZENworks Patch Management 6.4 SP2

Server Installation Guide ZENworks Patch Management 6.4 SP2 Server Installation Guide ZENworks Patch Management 6.4 SP2 02_016N 6.4SP2 Server Installation Guide - 2 - Notices Version Information ZENworks Patch Management Server Installation Guide - ZENworks Patch

More information

How to configure HTTPS proxying in Zorp 5

How to configure HTTPS proxying in Zorp 5 How to configure HTTPS proxying in Zorp 5 June 24, 2014 This tutorial describes how to configure Zorp to proxy HTTPS traffic Copyright 1996-2014 BalaBit IT Security Ltd. Table of Contents 1. Preface...

More information

Secure Socket Layer (SSL) Machines included: Contents 1: Basic Overview

Secure Socket Layer (SSL) Machines included: Contents 1: Basic Overview Secure Socket Layer (SSL) Machines included: HL-4040CN HL-4050CDN HL-4070CDW DCP-9040CN DCP-9045CDN MFC-9440CN MFC-9840CDW Contents 1) Basic overview 2) Brief history 3) Benefit of using SSL 4) How to

More information

Deploying System Center 2012 R2 Configuration Manager

Deploying System Center 2012 R2 Configuration Manager Deploying System Center 2012 R2 Configuration Manager This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT.

More information

Windows Server Update Services 3.0 SP2 Step By Step Guide

Windows Server Update Services 3.0 SP2 Step By Step Guide Windows Server Update Services 3.0 SP2 Step By Step Guide Microsoft Corporation Author: Anita Taylor Editor: Theresa Haynie Abstract This guide provides detailed instructions for installing Windows Server

More information

Windows Phone 8 Device Management

Windows Phone 8 Device Management Windows Phone 8 Device Management with Windows Intune and System Center Configuration Manager SP1 This white paper is part of a series of technical papers designed to help IT professionals evaluate Windows

More information

How to Secure a Groove Manager Web Site

How to Secure a Groove Manager Web Site How to Secure a Groove Manager Web Site Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the companies, organizations,

More information

MicrosoftDynam ics GP 2015. TenantServices Installation and Adm inistration Guide

MicrosoftDynam ics GP 2015. TenantServices Installation and Adm inistration Guide MicrosoftDynam ics GP 2015 TenantServices Installation and Adm inistration Guide Copyright Copyright 2014 Microsoft Corporation. All rights reserved. Limitation of liability This document is provided as-is.

More information

SSL Intercept Mode. Certificate Installation Guide. Revision 1.0.0. Warning and Disclaimer

SSL Intercept Mode. Certificate Installation Guide. Revision 1.0.0. Warning and Disclaimer SSL Intercept Mode Certificate Installation Guide Revision 1.0.0 Warning and Disclaimer This document is designed to provide information about the configuration of CensorNet Professional. Every effort

More information

Virtual Data Centre. User Guide

Virtual Data Centre. User Guide Virtual Data Centre User Guide 2 P age Table of Contents Getting Started with vcloud Director... 8 1. Understanding vcloud Director... 8 2. Log In to the Web Console... 9 3. Using vcloud Director... 10

More information