To configure the XIA Configuration Client to use client certificates in conjunction with Microsoft Internet Information Server (IIS) as a method of two factor authentication, complete the following steps:

  • Ensure that the IIS server is configured with a valid SSL certificate

  • Ensure that the Connect to server setting on the server settings or server upload uses the appropriate HTTPS address of the server.

  • Ensure that the IIS server SSL settings are configured appropriately to either accept or require client certificates

  • Determine the name of the service account by viewing the service information.

  • Logon as the service account and run mmc.exe or

    - or -

  • Execute the command substituting the service account name
    runas /user:"domain\user" "cmd /c mmc" 

  • Accept the UAC prompt if required

  • Add the Certificates snap-in and ensure that My user account is selected (using the Service account option is not supported)

  • Import the client certificate into the Personal folder for the service user account.

  • When imported ensure that the client certificate is within the expiration date and that Client Authentication is one of the intended purposes

  • On the advanced settings tab of either the server settings or server upload as appropriate, select the appropriate client certificate