Using X.509 authentication

To use X.509 authentication, you need to install either your own certificates or our sample certificates. Kentico CMS is delivered with sample client and server private certificates. To install them, do the following on the source server (for the client certificate "Client private.pfx") and on the target server (for the server certificate "Server private.pfx"):

1. Choose Start -> Run, type mmc and press Enter.

2. In the console window, choose File -> Add/Remove Snap-in.

3. Click Add and choose Certificates.

4. Choose Computer account in the next step.

5. Choose Local computer in the next step. Finish adding the Certificates snap-in.

6. Unfold Certificates (Local Computer) under the console root, right-click Personal and choose All Tasks -> Import... The Certificate Import Wizard starts.

7. Import the appropriate certificate from the .pfx file in folder C:\Program Files\Kentico CMS\<version>\SampleCertificates.

8. Enter the following password for the sample certificates (it is the same for the client and the server certificate): wse2qs

9. Now you need to grant the ASPNET account (for Windows 2000 and Windows XP) or the NT Authority\Network Service account (for Windows Server 2003) READ permissions for the certificate file. You can do that using the WseCertificate3.exe tool, which can be found in folder C:\Program Files\Kentico CMS\<version>\Sample Certificates

10. Run the WseCertificate3.exe tool.

11. Choose Local Computer in the Certificate Location field.

12. Choose Personal in the Store Name field.

13. Click Open Certificate and choose either the client or the server certificate.

14. Click View Private Key File Properties... and grant the user ASPNET (for Windows 2000 and Windows XP) or the user NT Authority\Network Service (for Windows Server 2003) READ permission for this file.

If you're using your own certificates (highly recommended), you will need to update the following values in the Site Manager -> Settings -> Content Staging dialog:

Client key ID
Server key ID

Here's how to get the IDs:

You will use the WseCertificate3.exe tool located in folder C:\Program files\KenticoCMS\<version>\SampleCertificates to get the certificate keys.

1. Run the WseCertificate3.exe tool.

2. Choose Local Computer in the Certificate Location field.

3. Choose Personal in the Store Name field.

4. Click Open certificate and select either the client or the server certificate.

The Key identifiers group now shows the certificate key. Use the Windows key identifier (Base64) value in the Kentico CMS settings.

Important: Sample certificates

Using the sample certificates is not secure and it's also very slow. It's highly recommended that you use your own certificate issued by a certification authority.

Tip

If you encounter problems with content staging when using SSL (X.509), try adding the following key to your web.config file:

<add key="CMSStagingAcceptAllCertificates" value="true" />

With this key set to true, all certificates are accepted. If set to false, only certificates issued by a certification authority will be accepted.
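
An added example (not part of the Kentico documentation or product code): a PowerShell check that reports where the CMSStagingAcceptAllCertificates key described above is set to true, so the setting does not stay enabled unnoticed after troubleshooting. The function name, the sample configuration and the example path are assumptions made for illustration.

```powershell
# Added example, not Kentico code. Find-StagingAcceptAll is a hypothetical helper name.
function Find-StagingAcceptAll {
    param(
        [Parameter(Mandatory)][string]$ConfigXml,
        [string]$Source = '(inline)'
    )
    $doc = New-Object System.Xml.XmlDocument
    $doc.XmlResolver = $null   # never fetch external DTDs or entities
    $doc.LoadXml($ConfigXml)

    # local-name() keeps the match working when <configuration> carries an xmlns,
    # and '//' also covers appSettings nested in <location> elements.
    $adds = $doc.SelectNodes("//*[local-name()='appSettings']/*[local-name()='add']")
    foreach ($add in $adds) {
        # Compare the key case-insensitively so a differently cased entry is not missed.
        if ($add.GetAttribute('key') -ine 'CMSStagingAcceptAllCertificates') { continue }
        $value = $add.GetAttribute('value').Trim()
        [pscustomobject]@{
            Source     = $Source
            Value      = $value
            # Assumption: the application reads the value case-insensitively.
            AcceptsAll = ($value -ieq 'true')
        }
    }

    # Settings can also be kept in a separate file; report it so it gets checked too.
    $sections = $doc.SelectNodes("//*[local-name()='appSettings'][@file or @configSource]")
    foreach ($section in $sections) {
        foreach ($attr in 'file', 'configSource') {
            $ref = $section.GetAttribute($attr)
            if ($ref) { Write-Warning "${Source}: appSettings also loads '$ref'; audit that file as well." }
        }
    }
}

# Constructed sample web.config content for the demonstration.
$sample = @'
<configuration>
  <appSettings file="custom.config">
    <add key="ExampleSetting" value="1" />
    <add key="CMSStagingAcceptAllCertificates" value="True" />
  </appSettings>
</configuration>
'@
Find-StagingAcceptAll -ConfigXml $sample -Source 'sample' | Format-Table -AutoSize

# On a server (the path is an example; adjust it to your web root):
# Get-ChildItem C:\inetpub\wwwroot -Recurse -Filter web.config | ForEach-Object {
#     Find-StagingAcceptAll -ConfigXml (Get-Content $_.FullName -Raw) -Source $_.FullName
# } | Where-Object AcceptsAll
```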