Configuring Client Certificates
When using client certificate authentication, the scheduler service requires additional configuration. The scheduler service permits only local connections, and it is possible to disable client certificate authentication for the scheduler web service only.
To enable the scheduler service to use client certificate authentication, perform the following steps:
- Ensure that the server URL uses a secure (HTTPS) connection in the scheduler registry keys.
- Ensure that the Connect to server setting on the server settings or server upload uses the appropriate HTTPS address of the server.
- Log in as an administrator and run mmc.exe.
- Accept the UAC prompt if required.
- Add the Certificates snap-in and ensure that Computer account is selected (using the Server account option is not supported).
- Import the client certificate into the Personal folder for the computer account.
- Once imported, ensure that the client certificate is within the expiration date and that Client Authentication is one of the intended purposes.
- Right-click the certificate and select Manage Private Keys.
- Ensure that the scheduler service account has permissions to Read the key.
- Enter the certificate thumbprint in the ClientCertificateThumbprint value of the scheduler registry keys, or enter it using the scheduler configuration tool.
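
The certificate checks in the steps above can be confirmed from PowerShell before the thumbprint is entered. The script below is an added example, not part of the product or its documentation; it assumes an RSA key pair, and the -Thumbprint and -ServiceAccount parameters are values you supply (the account the scheduler service runs as is not named on this page).

```powershell
# Added example, not vendor code. Run from an elevated PowerShell session; read-only.
# Assumptions: RSA key pair; -ServiceAccount is the account the scheduler service runs as.
param(
    [Parameter(Mandatory)][string]$Thumbprint,
    [Parameter(Mandatory)][string]$ServiceAccount
)
$ErrorActionPreference = 'Stop'
$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU

# Thumbprints copied from the certificate dialog can carry spaces or an invisible
# leading character; keep hex digits only.
$clean = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()

$certPath = "Cert:\LocalMachine\My\$clean"   # Personal folder, computer account
if (-not (Test-Path $certPath)) { throw "No certificate $clean in LocalMachine\My." }
$cert = Get-Item $certPath

$ekuExt = $cert.Extensions | Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
$now = Get-Date
$result = [ordered]@{
    Thumbprint     = $clean
    WithinValidity = ($cert.NotBefore -le $now) -and ($now -le $cert.NotAfter)
    # A certificate with no EKU extension is valid for all purposes.
    ClientAuthEku  = (-not $ekuExt) -or ($ekuExt.EnhancedKeyUsages.Value -contains $clientAuthOid)
    HasPrivateKey  = $cert.HasPrivateKey
    ServiceCanRead = $false
}

# Locate the private key file: CNG keys and legacy CSP keys live in different folders.
$rsa = if ($cert.HasPrivateKey) { [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert) }
if ($rsa) {
    $name = if ($rsa -is [System.Security.Cryptography.RSACng]) { $rsa.Key.UniqueName } else { $rsa.CspKeyContainerInfo.UniqueKeyContainerName }
    $keyFile = "$env:ProgramData\Microsoft\Crypto\Keys", "$env:ProgramData\Microsoft\Crypto\RSA\MachineKeys" |
        ForEach-Object { Join-Path $_ $name } | Where-Object { Test-Path $_ } | Select-Object -First 1
    if ($keyFile) {
        $sid  = ([System.Security.Principal.NTAccount]$ServiceAccount).Translate([System.Security.Principal.SecurityIdentifier])
        $read = [System.Security.AccessControl.FileSystemRights]::Read
        # Direct ACEs only: access granted through group membership is not resolved here.
        $rules = (Get-Acl $keyFile).GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
        $result.ServiceCanRead = [bool]($rules | Where-Object {
            $_.AccessControlType -eq 'Allow' -and $_.IdentityReference.Value -eq $sid.Value -and
            ($_.FileSystemRights -band $read) -eq $read })
    }
}
[pscustomobject]$result
```

Every field except Thumbprint should be True; the Thumbprint field is the cleaned value to enter in ClientCertificateThumbprint.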