To use X.509 authentication, install your own certificates or use our sample ones.
Kentico CMS is delivered with sample client and server private certificates. In order to install them, do the following on the source server and on the target server:
Install the server certificate:
1. Choose Start -> Run, type mmc and press Enter.
2. In the console window, choose File -> Add/Remove Snap-in.
3. Choose Certificates and click Add.
4. Choose Computer account and click Next.
5. Choose Local computer (the computer this console is running on) and press Finish.
6. Close the Add or Remove Snap-ins window by clicking OK.
7. Unfold Certificates (Local Computer) under the console root, right-click Personal and choose All Tasks -> Import... The Certificate Import Wizard starts.
8. Import the Server private.pfx file located in C:\Program Files\Kentico CMS\<version>\SampleCertificates.
9. Enter the following password for the sample certificate: wse2qs.
10. Don't change any other settings and finish the Certificate Import Wizard.
11. Now, grant Read permission to the certificate file for the ASP.NET account. Do that by right-clicking the imported WSE2QuickStartServer certificate and choosing All Tasks -> Manage private keys.
12. Click on Add..., fill in the name of the account and click OK.
13. Make sure the account's permission is set to Read - Allow and click OK.
Install the client certificate:
1. Choose Start -> Run, type mmc and press Enter.
2. In the console window, choose File -> Add/Remove Snap-in.
3. Choose Certificates and click Add.
4. Choose My user account and click Finish.
5. Close the Add or Remove Snap-ins window by clicking OK.
6. Unfold Certificates - Current User under the console root, right-click Personal and choose All Tasks -> Import... The Certificate Import Wizard starts.
7. Import the Client private.pfx file located in C:\Program Files\Kentico CMS\<version>\SampleCertificates.
8. Enter the following password for the sample certificate: wse2qs.
9. Don't change any other settings and finish the Certificate Import Wizard.
10. Now grant the Read permission for the certificate file to the ASP.NET account. For the client certificate, do that using the WseCertificate3.exe tool, which can also be found in the C:\Program Files\Kentico CMS\<version>\Sample Certificates folder.
11. Run the WseCertificate3.exe tool.
12. Choose Current User in the Certificate Location field.
13. Choose Personal in the Store Name field.
14. Click Open Certificate.
15. Choose the WSE2QuickStartClient certificate and click OK.
16. Click View Private Key File Properties... and grant the Read permission for this file to the ASP.NET account.
17. Click on Add..., fill in the name of the account and click OK.
18. Make sure the account's permission is set to Read - Allow and click OK.
Important: Sample certificates
Using the sample certificates is not secure, because the same private keys and password are delivered with every Kentico CMS installation, and it's also very slow. It's highly recommended that you use your own certificates issued by a certification authority.
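One way to check whether the sample certificates are still installed on a server, as an added example that is not part of the Kentico documentation. It assumes the sample certificates' subjects contain the names shown in the import steps (WSE2QuickStartServer and WSE2QuickStartClient); the function name Find-SampleStagingCertificate is hypothetical.

```powershell
# Added example: report Kentico sample staging certificates left in the Personal stores.
# Assumption: the sample certificates carry the names shown in the import steps
# (WSE2QuickStartServer, WSE2QuickStartClient) in their Subject.
$sampleNames = 'WSE2QuickStartServer', 'WSE2QuickStartClient'
$stores      = 'Cert:\LocalMachine\My', 'Cert:\CurrentUser\My'

function Find-SampleStagingCertificate {
    param(
        [string[]]$Names  = $sampleNames,
        [string[]]$Stores = $stores
    )
    foreach ($store in $Stores) {
        # A store that cannot be read is reported as a warning and skipped.
        $certs = Get-ChildItem -Path $store -ErrorAction SilentlyContinue -ErrorVariable err
        if ($err) { Write-Warning "Cannot read ${store}: $($err[0].Exception.Message)" }
        foreach ($cert in $certs) {
            # Match on the subject name; thumbprints of the samples are not given on the page.
            $hit = $Names | Where-Object { $cert.Subject -like "*CN=$_*" }
            if (-not $hit) { continue }
            [pscustomobject]@{
                Store         = $store
                Subject       = $cert.Subject
                Issuer        = $cert.Issuer
                Thumbprint    = $cert.Thumbprint
                HasPrivateKey = $cert.HasPrivateKey
                NotAfter      = $cert.NotAfter
            }
        }
    }
}

$found = @(Find-SampleStagingCertificate)
if ($found.Count -eq 0) {
    Write-Output 'No sample staging certificates found in the Personal stores.'
} else {
    $found | Format-Table -AutoSize
    Write-Warning "$($found.Count) sample certificate(s) installed; replace them with CA-issued certificates and update the Client and Server key IDs."
}
```

Run it on both the source and the target server. The Current User store is that of the account running the script, so run it as the user who imported the client certificate.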
If you're using your own certificates (highly recommended), you will need to update the following values in Site Manager -> Settings -> Versioning & Synchronization -> Staging:
• Client key ID
• Server key ID
To get these IDs, you can use the WseCertificate3.exe tool located in C:\Program files\KenticoCMS\<version>\SampleCertificates.
1. Run the WseCertificate3.exe tool.
2. Choose Local Computer in the Certificate Location field.
3. Choose Personal in the Store Name field.
4. Click Open certificate and select either the client or the server certificate. The Key identifiers group now shows the certificate's key identifiers; use the Windows key identifier (Base64) value in the Kentico CMS settings.
Tip
If you encounter problems with content staging when using SSL (X.509), you may try adding the following key to your web.config file:
This key ensures that all certificates will be accepted. If set to false, only certificates issued by a certification authority will be accepted.
Now that you have installed and configured the certificates, configure staging inside Kentico CMS to use the certificates for authentication.
On the target server, change the staging service authentication as follows:
1. Navigate to Site Manager -> Settings -> Versioning & Synchronization.
2. Under the Staging service (target only) settings group, change the form to X.509.
3. Save the settings.
4. Note that you need to copy the Client and Server key IDs to your source server's settings.
On the source server, change the settings as follows:
1. Navigate to CMS Desk -> Tools -> Staging.
2. Choose the Servers tab and Edit the server you want to configure.
3. Change Server authentication to X509 and copy the Client and Server key IDs from the target server.
4. Save the configuration.
You have now successfully configured staging in Kentico CMS for the use of certificates in authentication.