IIS Implementation Guide

Guide to implementing Digi-Access™ on IIS

Setting up a Client Certificate Mapping – Digi-Access™ User on IIS 5.x+

Once the Windows User Account (from section 3.1) is present, you may move to the final step of this document where you setup a Digi-Access™ user. Before you do this, make sure that you have the following items available:

Setting up Directory User Account

Log on as a Domain Administrator to the Windows Server where Windows Active Directory is installed on and the Windows server containing the Digi-Access™ facility is connected to and:

Go to Windows Administrative Tools.

Setting up a Digi-Access™ User

Setting up a Digi-Access™ user requires a Windows Local or Active Directory Domain (depending on the Windows Server configuration) User account, and a Digi-Access™ certificate containing the public key.

Obtaining a Digi-Access™ Client Certificate from Digi-Sign

3.1 Applying for a Digi-Access™ Certificate

To obtain a Digi-Access™ Client Certificate from Digi-Sign, you need to send an email request to
support@digi-sign.com providing your (or the end users) first name, last name and email address. Digi-Sign will then send you (or to any user you requested) a Digi-Access™ invitation email message containing instructions on how to apply for a Digi-Access™ certificate and the relevant Digi-Access™ web application URL.

Installing the Digi-SSL™ Root CA & Intermediate CA Certificates

You will receive 3 Certificates from Digi-Sign. Save these Certificates to the desktop
(or another directory on the hard drive) of the web server machine, then:

Enabling SSL communication security on IIS 5.x+ web server

To enable the SSL facility on your website using IIS 5.x+, a Digi-SSL™ certificate is necessary. To obtain your Digi-SSL™ certificate, a Certificate Signing Request [CSR] is required. A CSR is your server's unique "fingerprint" and is generated from your server.

The next section will explain in detail how to generate a CSR.

1.1 Generating a Certificate Signing Request (CSR) using Microsoft IIS 5.x+

To generate keys (private and public) and Certificate Signing Request:

IIS Secure Two Factor Authenticated Access

1.Enabling SSL communication security on IIS 5.x+ web server
1.1. Generating a Certificate Signing Request (CSR) using Microsoft IIS 5.x+
1.2. Installing your Digi-SSL™ Certificate on Microsoft IIS 5.x+
1.2.1 Installing the Root & Intermediate Certificates
1.2.2 Installing your Digi-SSL™ Certificate
2. Enabling Client Certificate Authentication on IIS 5.x+ web server