Configuring Client Certificates
When using client certificate authentication, the scheduler service requires additional configuration. The scheduler service permits only local connections and it is possible to disable client certificate authentication for the scheduler web service only.
To enable the scheduler service to use client certificate authentication perform the following steps:
- Ensure that the server URL uses a secure (HTTPS) connection in the scheduler configuration tool.
- Login as an administrator and run mmc.exe.
- Accept the UAC prompt if required
- Add the Certificates snap-in and ensure that Computer account is selected.
- Import the client certificate into the Personal folder for the Computer account.
- When imported ensure that the client certificate is within the expiration date and that Client Authentication is one of the intended purposes.
- Right click the certificate and select Manage Private Keys.
- Ensure that the Local Service account has permissions to Read the key.
- Select the client certificate in the scheduler configuration tool.