Run the IndeedCM.Server.msi file from the Indeed Certificate Manager installation package and follow the wizard instructions to complete the installation. During the installation process, you shall be prompted to select a method of access control for all the system applications.

The Indeed CM system consists of a number of services:

  • Management console – icm web application.
  • Self-service – icmservice web application.
  • Remote self-service – icmremote web application.
  • Smart card unlock service – credprovapi web application.
  • API service – icmapi web application.
  • Smart card status monitoring – Card Monitor service no web application provided.
  • Client Agent services:
    • Agent Registration Service – agentregistrationapi web application.
    • Service for remote task execution – agentserviceapi web application.

Each service has its own configuration files and access settings.

When Windows authentication is selected, the following access control parameters are set:

  • Authentication:
    • Windows Authentication (other methods are disabled) for icm, icmservice, icmapi applications
    • Anonymous Authentication (other methods are disabled) for credprovapi, agentregistrationapi, agentserviceapi applications.
    • Anonymous Authentication and Forms Authentication for icmremote application.
  • SSL Settings:
    • Require SSL for all applications.
    • Client certificates:
      • Ignore for icm, icmapi, icmremote, icmservice, credprovapi, agentregistrationapi applications.
      • Require for agentserviceapi application.

When Authentication by user’s personal certificates is selected, the following access control parameters are set:

  • Authentication:
    • Anonymous Authentication (other methods are disabled) for icm, icmapi, icmservice, credprovapi, agentregistrationapi, agentserviceapi applications.
    • Anonymous Authentication and Forms Authentication (other methods are disabled) for icmremote application.
  • SSL Settings:
    • Require SSL – for all applications.
    • Client certificates:
      • Ignore – for credprovapi, icmremote, agentregistrationapi applications.
      • Required – for icm, icmapi, icmservice, agentserviceapi applications.

If the user directory is in Active Directory, then the certificates used for authentication should contain User Principal Name. The certificates without UPN cannot be used for logging into web applications.

After the system is installed, you can set SSL settings for each application separately, using the IIS Management Console.


  • No labels