Working with client certificates to secure accessory server access
This section discusses methods for working with client certificates in order to secure access to accessory servers.
The following steps are required when the Client certificates option is set to Require in the Internet Information Services (IIS) SSL settings.
1 Login to the accessory server with the appropriate anonymous user credentials.
2 Request a client certificate for the anonymous user account and install the certificate on the accessories server. The steps are as follows:
▪Open a web browser session and enter the appropriate Microsoft Active Directory Certificate Services server URL (for example: http://<SERVER_IP_ADDRESS>/certsrv/en-US/). This displays the Microsoft Active Directory Certificate Services Welcome page.
▪Click the Request a certificate link. This displays the Request a certificate page.
▪Click the advanced certificate request link, then click Create and submit a request to this CA.
▪In the certificate request detail page, make sure the Type of Certificate Needed value is set to Client Authentication Certificate.
▪After submitting the certificate request, switch to the certificate server and issue the certificate request.
▪Open a web browser session, enter the Microsoft Active Directory Certificate Services server URL from the first step, and install the client certificate.
3 Modify the IIS configuration by defining a larger uploadReadAheadSize value. The default value is 49152 bytes; the recommended value is 4915200 bytes. Failure to increase the uploadReadAheadSize value may result in 413 errors when activating CATI projects. The entire ActivateDocument xml string is sent as a web method parameter and could be larger than 48kb. The steps are as follows:
▪Open IIS and highlight SPSSMR.
▪From the Feature views, select Configuration Editor.
▪Select system.webServer/serverRuntime from the drop-down list.
▪Set the uploadReadAheadSize value to a larger size, such as 4915200.
See