

Specifying how IAG certified client endpoints request client certificates

Applies To: Intelligent Application Gateway (IAG)

Whale Communications Intelligent Application Gateway (IAG) 2007 uses client certificates to specify that a client endpoint is certified. Client certificates can be distributed to clients from a remote certification authority (CA), or from a CA running locally on the IAG server. This topic is applicable only if the CA used to distribute certificates to certified client endpoints is installed locally on the IAG server.

After the Certified Endpoint Enrollment application is added to the trunk, the appropriate tools need to be added to the end-user pages. The available tools depend on whether you are using the default portal homepage or your own custom page, as follows:

  • If you use the default portal homepage, the following happens automatically:

    • The Certified Endpoint button is added to the Whale toolbar.

    • A Certified Endpoint link is added to the portal homepage.

  • If you use a custom page, you must ensure that one or both of the following are added to the page so that users can request certified endpoint status:

    • The IAG toolbar. When you add the IAG toolbar to a custom page, the Certified Endpoint button is automatically added to the page.

    • A Certified Endpoint link. For more information, see Modifying the default IAG portal home page.

For a client endpoint to be considered a certified endpoint, end-users must take the following steps:

  1. End-users submit a request for a certificate to be issued and the endpoint to be considered as a certified endpoint.

  2. If so defined in the certification authority policy, end-users check whether the request for certified endpoint status has been approved.

  3. Once the certified endpoint status has been approved, end-users install the certificate.

    The Certified Endpoint button is not displayed on handheld devices. To grant certified endpoint status to such a device, request certified endpoint status on a remote computer and ensure that the certificate is created with the option to export the private key. After the request has been approved, install the certificate on the remote computer and export it to the handheld device. Ensure that you include the private key when you export the certificate.

  4. Optionally, you can customize the appearance of the certified endpoint enrollment pages displayed to client endpoints. For more information, see Customizing IAG certified endpoint enrollment pages.

Submitting a certificate request

To submit a request to make a computer a Certified Endpoint

  1. End-users access the portal, and then click the Certified Endpoint button or link. The Certified Endpoint - User Information window is displayed.

  2. The end-user enters the required user information. Note that required fields may vary according to the settings defined during configuration of the certified endpoint feature.

  3. At the bottom right corner of the screen, end-users click Submit. A message is displayed, prompting the end-user to confirm the request for a certificate.

  4. Click Yes to request a certificate. Depending on your organization’s certification policy, a message is displayed to the end-user.

  5. If the certificate is issued immediately, end-users are notified that the certificate has been issued and are prompted to install the certificate. They can then access the portal as certified client endpoints.

  6. If the certificate is not issued immediately, end-users are notified that the request is in progress. Note that the client endpoint is not yet certified and end-users will continue to use existing portal options. Within the period of time specified on the Certified Endpoint window, end-users should use the same browser to check the status of the request.

Checking the request status

End-users can check request status as follows:

To check whether the request for Certified Endpoint status has been approved

  1. End-users access the portal, and then click the Certified Endpoint button or link.

  2. A message is displayed in the Certified Endpoint window. If the message states Certified Issued, then the end-user can install the certificate and log in as a certified endpoint user. If the message Certified Endpoint Request in Progress is displayed, end-users must continue to check within the period of time specified on the Certified Endpoint window, using the same browser. The message Certified Endpoint Request Denied indicates that the request is denied.

Installing the certificate and logging in as a certified user

After certified endpoint status has been approved and a certificate issued, end-users must install the certificate on the client endpoint in order to complete the certified endpoint process. Do this as follows:

To install the certificate and log in as a Certified Endpoint user

  1. End-users should access the portal, and then click the Certified Endpoint button or link. The Certified Endpoint - Certificate Issued window is displayed.

  2. The end-user should click Install this certificate to add the certificate to the client endpoint. If the browser is Windows Internet Explorer, the certificate is installed on the end-user's computer. If a different browser is used, a certificate download dialog box is displayed.

  3. When the end-user clicks OK the certificate is installed on the client endpoint. After the certificate is installed, the Certified Endpoint window indicates that the endpoint is certified.

  4. The end-user should click Close to close the Certified Endpoint window. The client endpoint is not granted certified endpoint privileges.

  5. The end-user should close all open browser windows, and then re-access the portal and log in. The Client Authentication dialog box is displayed.

  6. The end-user should select a certificate from the list, and then click OK. This completes the logon process. The Certified Endpoint button or link is no longer available.

    Tip

    If your portal homepage includes the Whale toolbar, end-users can click the System Information button to access the System Information window and verify their certified endpoint status.

For more information about processing requests, see Setting up a CA on the IAG server.