Configuring certificate authentication for a generic CA web service

An administrator can use X.509 certificate authentication to request certificates from a web server.

In previous releases of Cloud Extender® (2.91 and earlier), the Administrator provided a username and password to request certificates from the web server. The Cloud Extender supported only NTLM, Negotiate, and Digest authentication. For Cloud Extender (2.92 and later), the Cloud Extender now supports X.509 certificate authentication.

Cloud Extender Configuration Tool setting

The Cloud Extender Configuration Tool now includes a drop-down to select a certificate to use for X.509 authentication against the web service that is configured in the URL of Web Application setting. The drop-down provides a list of the Friendly Names of certificates that are loaded in the Windows Certificate Store on the same server where the Cloud Extender is running. Use Local Machine > Trusted People to search for the certificate store location, which allows for certificate requests for a custom certificate authority (CA) by using X.509 certification authentication over HTTP. The tooltip for the Web Auth Certificate (Optional) setting in the Template Configuration window provides instructions on what information you can enter in this field.

Importing authentication certificate in the Windows Certificate Store

Before you configure the Cloud Extender template, import the authentication certificate into the Windows Certificate Store. When you import the certificate into the Windows Certificate Store, the certificate is displayed in the Web Auth Certificate (Optional) setting in the Template Configuration window.

For example, search for Local Machine > Trusted People in the certificate store location.