| Style | ||
|---|---|---|
| ||
In an EmpowerID deployment, certificates provide the underlying support for the authentication, integrity, and confidentiality of messages exchanged between the various platform components, as well as any federated partners communicating with EmpowerID. These certificates play an important role in the EmpowerID federated security model in that EmpowerID uses them to sign and encrypt SAML Assertions and the WS-Federation security tokens issued by the EmpowerID Security Token Service (STS), which are then validated/decrypted by the various services and applications deployed against EmpowerID. There are two important types of certificates used in an EmpowerID deployment, the Server Certificate and the SSL Certificate.
| Info |
|---|
You can use one and the same certificate to meet these requirements. It is not necessary to deploy two different certificates. |
Server Certificate
When you install EmpowerID, you must select a "Server" certificate as part of the installation process. This certificate is used by the EmpowerID STS to encrypt the security tokens issued by it each time a user authenticates against the system and used by the EmpowerID services to verify the validity of those tokens and the access requests represented by them. As this is the case, you must have the private key for this certificate as it is used by the EmpowerID services to decrypt the tokens passed to them by the STS.
...
- It must be valid
- It must be deployed in the Certificates (Local Computer)\Personal store
- Minimum intended purpose includes Client/Server Authentication and Encryption
| Warning | ||
|---|---|---|
In addition, the certificate details information must be as follows:
To ensure your certificates meet the requirements for EmpowerID, please see the the following support articles per your situation: Requesting a SHA-256 certificate for EmpowerID using Active Directory Certificate Services Requesting a SHA-256 certificate for EmpowerID using an external certificate authority |
...