Configuring a Web Site to Require a Client Certificate
Use Internet Information Services (IIS) Manager to configure settings for the Relay Server's Web site.

1. Open Internet Information Services (IIS) Manager.
2. (Optional) Create a self-signed certificate.
   a. Select the IIS server node in the left pane.
   b. Double-click the Server Certificates icon in the center pane.
   c. Click the Create Self-Signed Certificate action in the right pane.
   d. Enter the certificate name according to certificate naming guidelines, and click OK.
3. (Optional) Import the certificate to IIS.
   a. Select the IIS server node in the left pane.
   b. Double-click the Server Certificates icon in the center pane.
   c. Click the Import action in the right pane.
   d. Enter the certificate path and password in the Import Certificate window, and click OK.
4. Add the HTTPS binding.
   a. Right-click the Web site that includes the Relay Server application in the left pane.
   b. Select Edit Bindings in the context menu.
   c. Click Add in the Site Bindings window.
   d. Select https and select the certificate in the Add Site Binding window, then click OK.
5. Configure the ias_relay_server application to require SSL.
   Note: Only the SAP Mobile Server client connecting to the Relay Server needs to provide a certificate; the RSOE connecting to the Relay Server does not need to provide a certificate.
   a. Click the Relay Server's Web site.
   b. Double-click the SSL Settings icon in the center pane.
   c. Uncheck Require SSL, and select the Ignore option in the center pane.
   d. Click the Apply action in the right pane.
   e. Click the ias_relay_server application in the left pane.
   f. Double-click the SSL Settings icon in the center pane.
   g. Check Require SSL, and select the Require option in the center pane.
   h. Click the Apply action in the right pane.
6. Enable IIS to negotiate the client certificate.
   Note: The following instructions are for IIS 7.5; if you are using IIS 6.x, see the Microsoft technical documentation.
   a. To check whether Negotiate Client Certificate is enabled, run this command from the command line:
        netsh http show sslcert
   b. If Negotiate Client Certificate is disabled, delete the certificate binding by running:
        netsh http delete sslcert 0.0.0.0:443
   c. Run the following command to add the certificate again.
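
As an added example (not part of the original documentation), this PowerShell script parses the output of netsh http show sslcert and, for any binding where Negotiate Client Certificate is disabled, prints the delete and add commands that re-create it with clientcertnegotiation=enable. It assumes English-language netsh labels; the sample output, certificate hash and application ID are constructed placeholders.

```powershell
# Added example: turn `netsh http show sslcert` text into objects, one per binding.
# Assumes English labels and IP:port bindings (not Hostname:port records).
function ConvertFrom-NetshSslCert {
    param([string[]]$Lines)
    $current = $null
    foreach ($line in $Lines) {
        # Records are indented "Label : value" lines; the header lines do not match.
        if ($line -notmatch '^\s+(.+?)\s+:\s+(.*)$') { continue }
        $key, $value = $Matches[1], $Matches[2].Trim()
        if ($key -eq 'IP:port') {
            # "IP:port" starts a new record: emit the previous one first.
            if ($null -ne $current) { [pscustomobject]$current }
            $current = [ordered]@{}
        }
        if ($null -ne $current) { $current[$key] = $value }
    }
    if ($null -ne $current) { [pscustomobject]$current }
}

# Constructed sample output (placeholder hash and application ID, not real values).
# On a live server use: ConvertFrom-NetshSslCert (netsh http show sslcert)
$sample = @'
SSL Certificate bindings:
-------------------------

    IP:port                      : 0.0.0.0:443
    Certificate Hash             : 0000000000000000000000000000000000000000
    Application ID               : {00000000-0000-0000-0000-000000000000}
    Certificate Store Name       : MY
    Negotiate Client Certificate : Disabled
'@ -split '\r?\n'

foreach ($b in ConvertFrom-NetshSslCert $sample) {
    if ($b.'Negotiate Client Certificate' -eq 'Enabled') {
        "$($b.'IP:port'): client certificate negotiation already enabled"
        continue
    }
    # Print (do not run) the commands that re-create the binding with the same
    # certificate and negotiation enabled. They are written for cmd.exe; in
    # PowerShell the appid={...} argument must be quoted.
    "netsh http delete sslcert ipport=$($b.'IP:port')"
    "netsh http add sslcert ipport=$($b.'IP:port') certhash=$($b.'Certificate Hash') " +
        "appid=$($b.'Application ID') certstorename=$($b.'Certificate Store Name') " +
        'clientcertnegotiation=enable'
}
```

After re-adding the binding, run netsh http show sslcert again and confirm that Negotiate Client Certificate reads Enabled.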