Enabling X.509 Certificate Authentication

In the Managing Users section above, the process to enable the user of X.509 certificates is described for a given user; however the PMN web server needs to install the certificates of any root certificate authorities that have issued certificates used by PMN users.  This allows the web server to validate the authenticity of the user’s certificate.

To install the root CA certificates, open MMC and go into the Certificate Store under the computer account.  Right click the Trusted Root Certificate Authorities folder and click All Tasks > Import.  Then follow the Import steps to import the Root Certificate.  Lastly, if the X.509 cert was not created off of a publically known CA such as Verisign, Go-Daddy, Digicert, etc., then change the registry key “HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\ SendTrustedIssuerList” from 1 to 0 and restart the server.