In order to use X.509 authentication, you need to install your own certificates, or you may use our sample ones.
Kentico CMS is delivered with sample client and server private certificates. In order to install them, you need to do the following on the source server and on the target server:
1. Choose Start -> Run, type mmc and press Enter.
2. In the console window, choose File -> Add/Remove Snap-in.
3. Click Add and choose Certificates.
4. Choose Computer account in the next step.
5. Choose Local computer in the next step. Finish adding the Certificates snap-in.
6. Unfold Certificates (Local Computer) under the console root, right-click Personal and choose All Tasks -> Import... The Certificate Import Wizard starts.
7. Import the appropriate certificate from the appropriate .pfx file in C:\Program Files\Kentico CMS\<version>\SampleCertificates. Use Client private.pfx for the client certificate and Server private.pfx for the server certificate.
8. Enter the following password for the sample certificates (it is the same for the client and the server certificate): wse2qs
9. Now you need to grant the READ permissions for the certificate file to the ASP.NET account (names of the account under different operating systems are described in the Disk permissions problems chapter). You can do that using the WseCertificate3.exe tool that can also be found in C:\Program Files\Kentico CMS\<version>\Sample Certificates
10. Run the WseCertificate3.exe tool.
11. Choose Local Computer in the Certificate Location field.
12. Choose Personal in the Store Name field.
13. Click Open Certificate and choose either the client or the server certificate.
14. Click View Private Key File Properties... and grant the READ permission for this file to the ASP.NET account (names of the account under different operating systems are described in the Disk permissions problems chapter).
If you're using your own certificates (highly recommended), you will need to update the following values in the Site Manager -> Settings -> Versioning & Synchronization -> Staging:
•Client key ID
•Server key ID
To get these IDs, you can use the WseCertificate3.exe tool located in C:\Program files\KenticoCMS\<version>\SampleCertificates.
1. Run the WseCertificate3.exe tool.
2. Choose Local Computer in the Certificate Location field.
3. Choose Personal in the Store Name field.
4. Click Open certificate and select either client or the server certificate. In the Key identifiers group you can now see the certificate key, Windows key identifier (Base64) should be used within Kentico CMS settings.
Important: Sample certificates
Using the sample certificates is not secure and it's also very slow. It's highly recommended that you use your own certificate issued by a certification authority.
If you encounter problems with content staging when using SLL (X.509), you may try adding the following key to your web.config file:
This key ensures that all certificates will be accepted. If set to false, only certificates issued by a certification authority will be accepted.