If your administrator has configured your account for Certificate Authentication as part of IBM® MFA Out-of-Band, you must
enroll your certificate before you can use it to log on.
Before you begin
It is a Best Practice to clear your Windows system SSL state before enrolling your certificate. To do this, select . In addition, from , ensure that Use "SSL 2.0" and "Use SSL 3.0" are both unchecked.
About this task
You must enroll your certificate before you can use it to log on with Certificate Authentication. The process requires action by both the administrator and the
user, and the actions must occur in the correct sequence. Perform these steps only as directed by
your administrator.Note: This procedure has been verified with Microsoft Internet Explorer and Google Chrome.
Procedure
-
Clear your Windows system SSL state.
-
When instructed to do so by your administrator, begin the Certificate Authentication logon process at the web server login page provided by the
administrator, such as
https://servername:port/AZFCERT1/enroll.
Use your RACF userid to access the IBM MFA Out of Band login interface.
User ID:
Password:
-
On the Enrollment page, click on "Begin Certificate Enrollment."
AZFCERT1 Enrollment
Ensure that you have a certificate available to enroll.
AZFCERT1
Begin Certificate Enrollment
-
Select the certificate you want to use to log in and click OK. Your security administrator will
typically provide guidance on which certificate to use.
Note: If you are using Internet Explorer, be aware that the Windows Internet Options "Don't prompt for client certificate selection when only one certificate exists" setting can result in your not having to choose a certificate. The "Don't prompt for client certificate selection when only one certificate exists" setting is typically controlled by the system administrator.
For PIV/CAC or other smart cards, you must then enter your valid PIN.
Note: If you
receive an error indicating that the server certificate is invalid, it is more likely that the
certificate you chose is invalid.
-
If successful, you receive a message indicating the certificate enrollment succeeded and to
await further instruction from the administrator.
AZFCERT1 Enrollment
Ensure that you have a certificate available to enroll.
AZFCERT1 -[Succeeded]
Certificate enrollment succeeded. Your certificate is tagged for Review.
An administrator will notify you when it is Approved. Please close
your browser window.
-
Close the browser window to end the session.