Lightweight Directory Access Protocol (LDAP) Job Aid
Copyright Notice
© 1999-2014 ProVation Medical, a Wolters Kluwer Health Company. All rights reserved.
ProVation Medical (“ProVation”), a Wolters Kluwer Company, reserves the right to make improvements to the software product described in
this manual at any time without notice.
ProVation is the copyright owner of its software products, including the entire content of this manual, diskettes and CD ROMs supplied. This
document may not, in whole or in part, be copied, photocopied, reproduced, translated or reduced to any electronic medium or machine-readable form without prior consent from ProVation. Willful violation of the Copyright Law of the United States of America can result in civil
and criminal penalties.
The information contained in this document is confidential to properly licensed users of ProVation. Willful violation can result in civil and
criminal penalties.
American Medical Association – CPT:
CPT Copyright 2013 American Medical Association. All rights reserved.
Fee schedules, relative value units, conversion factors and/or related components are not assigned by the AMA, are not part of CPT, and the
AMA is not recommending their use. The AMA does not directly or indirectly practice medicine or dispense medical services. The AMA
assumes no liability for data contained or not contained herein.
CPT is a registered trademark of the American Medical Association.
The responsibility for the content of any “National Correct Coding Policy” included in this product is with the Centers for Medicare and
Medicaid Services and no endorsement by the AMA is intended or should be implied. The AMA disclaims responsibility for any consequences
or liability attributable to or related to any use, nonuse or interpretation of information contained in this product.
U.S. Government Rights - This product includes CPT which is commercial technical data and/or computer data bases and/or commercial
computer software and/or commercial computer software documentation, as applicable which were developed exclusively at private
expense by the American Medical Association, 515 North State Street, Chicago, Illinois, 60610. U.S. Government rights to use, modify,
reproduce, release, perform, display, or disclose these technical data and/or computer data bases and/or computer software and/or
computer software documentation are subject to the limited rights restrictions of DFARS 252.227-7015(b)(2) (June 1995) and/or subject to
the restrictions of DFARS 227.7202-1(a) (June 1995) and DFARS 227.7202-3(a) (June 1995), as applicable for U.S. Department of Defense
procurements and the limited rights restrictions of FAR 52.227-14 (June 1987) and/or subject to the restricted rights provisions of FAR
52.227-14 (June 1987) and FAR 52.227-19 (June 1987), as applicable, and as applicable agency FAR Supplements, for non-Department of
Defense Federal Procurements.
Indications for use:
ProVation MD and ProVation MultiCaregiver applications are intended for use in the following situations:
• Create procedure documentation
• Code for supplies and medications used
• Report on procedure documentation and other administrative functions
The resulting documentation and associated images are to be used for the purpose of patient education and reference. The information and
images are not to be used for diagnostic purposes.
Precautions:
ProVation MD and ProVation MultiCaregiver applications should be used as designed and documented in their respective user and
configuration manuals.
Caution:
Federal Law restricts this device to sale by or on the order of a physician (or properly licensed practitioner).
ProVation Medical
800 Washington Avenue North
Suite 400
Minneapolis, MN 55401
877.454.2994
www.provationmedical.com
ProVation, Anticipatory Interface, and Clinical Productivity by Design are registered trademarks of ProVation. All other brand, product or
company names are trademarks of their respective owners.
All patient and provider examples contained within this document are hypothetical and provided for example only.
Revision Date
8/6/14
CONTENTS
Introduction: ...................................................................................................... iii
Help, Support, and Other Resources .....................................................................................iii
Accessing User Manuals..................................................................................................iii
Document Conventions ...............................................................................................iii
ProVation Customer Web Site ..........................................................................................iv
Contacting Customer Support ..........................................................................................v
Viewing the Version Number ........................................................................................vi
Logging On to ProVation MD ...............................................................................................vi
Logging Off ProVation MD ..................................................................................................vi
Exiting ProVation MD .......................................................................................................vi
Section 1: Enabling and Configuring LDAP .................................................................... 1
Enabling LDAP................................................................................................................1
Configuring an LDAP Server................................................................................................2
Section 2: Using LDAP in Multiple Domains ................................................................... 5
Associating a Site to a Domain ............................................................................................5
Adding a Domain ............................................................................................................6
Editing a Domain Name ....................................................................................................6
Deleting a Domain Name ...................................................................................................6
Section 3: Linking a Provider to an LDAP User ................................................................ 7
Section 4: Emergency Access with LDAP ...................................................................... 9
Section 5: Enabling ProVation Web Services to Use a Client Certificate................................. 11
Installing a Certificate in the Local Machine Store ....................................................................11
Granting Access to ASP.NET ...............................................................................................15
Installing the Root Certificate of the Certification Authority ........................................................16
Lightweight Directory Access Protocol (LDAP) Job Aid
LDAP JA 5.0 14-02
i
INTRODUCTION
Lightweight Directory Access Protocol (LDAP) is a commonly employed Internet protocol that facilitates
information exchange between a server and client. Information such as contacts, address books, or
other directory information can be sent using this protocol. By using LDAP, a user is able to log on to any
component of their system that they have access to using one enterprise user name and password.
The LDAP feature allows ProVation to accommodate and incorporate LDAP authentication within the
ProVation applications for the 5.0 versions and beyond. Basic user name and password authentication is
supported when logging on, finalizing a note, creating an addendum, or any other operation where a
user is required to provide their credentials. This capability meets increasingly stringent user name and
password requirements while matching existing client LDAP processes. User names and passwords must
be kept to a maximum of 15 characters each since ProVation MD restricts the length of a user’s
credentials.
ProVation supports three types of LDAP directories: Sun (Sun ONE), Novell (eDirectory), and Microsoft
(Active Directory). ProVation supports LDAP across both single and multiple domains.
Help, Support, and Other Resources
Tip: ProVation Medical highly recommends creating an LDAP enabled technical support account that
can be used to assist in troubleshooting LDAP issues.
Accessing User Manuals
At any time while working within a ProVation application you can press the F1 key on your keyboard to
access the PDF versions of the ProVation user manuals for help.
Document Conventions
The conventions followed in the documentation are listed below, each item followed by an example.

Item: Navigation paths through application or operating system windows are indicated with a greater than (>) symbol. All navigation paths assume you are starting from the main window of the application.
Example: Navigation path: Click Utilities > Configuration Center > [Site/Specialty] > Advanced tab > Password Configuration.

Item: Selections that might be optional for a site depending on configuration are contained within brackets [Site/Specialty].
Example: [Case Detail Barcode]

Item: Variable placeholders are also indicated with square and angle brackets, such as in Site Documents.
Example: Placeholders: <Specimen with Barcode>

Item: References to related publications are shown in italic font.
Example: For more information, see the ProVation MD - Software Administrator Guide.

Item: File names, file paths, and information users must enter are shown in courier font.
Example: If your site uses an orders interface, the default location of the file is on the Application Server at c:\Interface\HL7. Type 3 in the field.

Item: Buttons, tabs, selections, options, and lists within a task that a user must click are shown in bold.
Example: From the View options, click Today’s Cases. Click Save.

Item: References to Web sites appear underlined and in blue. These are hypertext links.
Example: www.provationmedical.com

Item: Cross-references to another topic within the manual are shown in blue text. You can click on the link to jump to the topic.
Example: For more information, see “Username and Password Maintenance” on page 6.
ProVation Customer Web Site
The ProVation Customer Web Site at https://peach.provationmedical.com provides:
• Information prepared by ProVation Medical Customer Support
• ProVation U on-line training classes and on-demand training videos
• Best practices developed and shared by the ProVation community of users
• Forums targeted to specific user groups (Physicians, Nurse Managers and Power Users, IT and
Software Administrators, and Coding and Billing Professionals)
Access to the ProVation Customer Web Site is free to our customers, but you must register to access the
Web site. If you are not yet registered, please browse to https://peach.provationmedical.com/register
and sign up.
After you receive the confirmation sent to the email address you register with, you can access the
ProVation Customer Web Site.
Contacting Customer Support
ProVation Medical Customer Support is a group of technical professionals responsible for application and
technical support of ProVation Medical software, with access to all ProVation Medical content and
development experts.
If you require direct assistance from a support analyst, ProVation Medical Customer Support delivers
personalized and responsive service. Because we realize your first priority is patient care, you can
always expect to quickly reach a qualified support analyst—never a complex phone tree or voicemail
box.
Live Support
In the USA — 877.454.2994, option 1
6am - 11pm CST, Monday – Thursday
6am - 6pm CST, Friday
In Australia — 1800.855.742
6am - 6pm AEST, Monday - Friday
In New Zealand — 0800.450.250
8am - 8pm AEST, Monday - Friday
In Saudi Arabia — 001-800-844-5770
6:00 am - 6:00 pm AST Sunday - Thursday

After Hours
In the USA — 877.454.2994, option 1
In the USA, leave a voicemail for the next business day. If the issue is urgent, press 8 to reach our
after-hours/holiday cell phone. Leave a detailed message that includes your name, phone number,
and site ID. A support analyst will contact you in 15 minutes or less.
In Australia — 1800.855.742
In Australia, leave a detailed message, and a support analyst will contact you in 15 minutes or less.
In New Zealand — 0800.450.250
In New Zealand, leave a detailed message, and a support analyst will contact you in 15 minutes or less.
In Saudi Arabia — 001-800-844-5770
In Saudi Arabia, leave a detailed message, and a support analyst will contact you in 15 minutes or less.
Email non-urgent questions to us anytime, and a support analyst will contact you.
In the USA — [email protected]
Email
In Australia — [email protected]
In New Zealand — [email protected]
In Saudi Arabia — [email protected]
If you need to contact ProVation Medical for customer support, the ProVation representative may ask
you to provide information about the software version installed at your site. See “Viewing the
Version Number” in the next section.
Viewing the Version Number
If you are calling Customer Support, you may need to provide them with the version number of the
application that you are using at your site.
To view software version information for ProVation MD
1. Open ProVation MD.
2. Log on to the application (see “Logging On to ProVation MD” on page vi). The ProVation MD main
window is displayed.
3. Click Exit > About ProVation MD. The version information is displayed.
4. Click Close to close the dialog box.
Logging On to ProVation MD
To begin using ProVation MD and complete any of the tasks outlined in this and other ProVation Medical
user manuals, you must first log on to the application.
To log on to ProVation MD
1. Double-click the ProVation MD icon on your desktop. The log on screen is displayed.
2. Type your user name and password in the appropriate fields.
3. Click OK. ProVation MD opens to the main view, with the navigation bar on the left side of the
screen.
Logging Off ProVation MD
When finished using ProVation MD, the current user should log off of the software. Logging off leaves the
application open and presents the next user with the logon screen.
To log off of ProVation MD
1. Click Exit > Logoff.
2. The session ends and the logon screen is displayed.
Exiting ProVation MD
Exiting ProVation MD closes the application and secures patient data.
To exit ProVation MD
• From the main navigation bar, click Exit > Exit. The application closes.
SECTION 1
Enabling and Configuring LDAP
The LDAP tab is located in Password Configuration of Configuration Center. Selecting a check box
enables LDAP for all sites and allows site administrators to use their enterprise password
authentication via LDAP. Once LDAP is enabled, system administrators can configure ProVation
applications to authenticate via the enterprise authentication server: Sun (Sun ONE), Novell
(eDirectory), or Microsoft (Active Directory).
Enabling LDAP
LDAP must be enabled within ProVation MD in order to be used in the ProVation applications.
To access the LDAP tab and enable LDAP
1. From the main ProVation MD window, click Utilities > Configuration Center > [Site/Specialty] >
Advanced tab > Password Configuration. The Password Configuration window is displayed.
2. Click the LDAP tab. The LDAP page is displayed.
3. Click the Enable LDAP check box to enable the LDAP configuration items.
Configuring an LDAP Server
Once enabled, LDAP can be configured in multiple ways to meet the needs for its use at your facility.
To configure LDAP
1. With LDAP enabled, select a domain that you want to configure.
Note: A Default domain is created for all sites. You can use this default domain as is, rename
it, or add additional domains. If you need to add a domain, see “Adding a Domain” on
page 6.
2. Select your server type from the LDAP Server Type drop-down list.
The selections available are:
LDAP Server Type -> Selection
Microsoft Active Directory -> Active Directory
Novell eDirectory -> eDirectory
Sun Java System Directory Server -> Sun
3. In the LDAP Server field, enter the IP address, domain name, or server name of the LDAP Server
being contacted for authentication queries.
4. In the Port field, enter the port number by which all LDAP Authentication queries pass
communications. When not using SSL, the default value is 389. When using SSL, the default is
636 or it can be left blank.
5. In the Search Base field, enter the point in the directory structure at which the query begins its
search.
6. In the Group String field, enter the group string value for the LDAP query.
7. In the LDAP Server User Name field, enter the user name of the individual with rights to query
the LDAP directory.
8. In the LDAP Server Password field, enter the password of the individual with rights to query the
LDAP directory.
9. The Login Attribute field displays the name of the login account attribute. It is populated
automatically and depends on the LDAP Server Type selected:
LDAP Server Type -> Login Attribute
Microsoft Active Directory -> sAMAccountName
Novell eDirectory -> UID
Sun Java System Directory Server -> UID
10. In the Time Out field, type in the field or use the up and down arrows to select the number of
seconds.
Note: The value in the Time Out field determines how long the client machine will wait for a
response from the LDAP server to verify the user. If the client does not get an LDAP
response within the specified time period, it aborts the attempt to log on. The Time Out
field should be set to greater than zero. A number less than or equal to zero means no
timeout is specified which is equivalent to waiting for the response indefinitely.
11. Select the Enable Secure Sockets Layer (SSL) check box to enable SSL for the LDAP
connection.
Note: Using SSL requires a client certificate be installed. See “Installing a Certificate in the
Local Machine Store” on page 11 for more information.
12. Click the Validate Connection button to verify that the configuration for the selected domain is
valid.
13. Click the Save button from the toolbar.
14. Click the Close button twice to return to the main window.
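The procedure above fills in a handful of fields (server, port, search base, bind account, login attribute, time out, SSL) and then asks you to validate the connection. The following Python script is an added example, not ProVation code: it checks one domain configuration against the rules the steps state (port defaults from step 4, the per-server-type login attribute from step 9, a positive Time Out from step 10, the 15-character credential limit from the Introduction), builds the user-lookup filter with proper escaping, and shows the exact bytes an LDAPv3 simple bind sends, which is why step 11 matters: without SSL, the bind password is visible on the wire. The dataclass, field names, host names and DNs are hypothetical; the Group String field is omitted because the job aid does not define its contents.

```python
"""Added example, not ProVation code: a pre-save check for one LDAP domain
configuration from the LDAP tab, plus the bytes a simple bind puts on the wire.
The dataclass, field names and helper functions are hypothetical."""
from dataclasses import dataclass
from typing import List, Optional

# Login attribute per server type, exactly as step 9 lists it.
LOGIN_ATTRIBUTE = {
    "Active Directory": "sAMAccountName",
    "eDirectory": "uid",
    "Sun": "uid",
}
MAX_CREDENTIAL_LEN = 15  # limit ProVation MD places on user names and passwords


@dataclass
class LdapDomainConfig:
    server_type: str          # "Active Directory", "eDirectory" or "Sun"
    server: str               # IP address, domain name or server name
    port: Optional[int]       # None = Port field left blank
    search_base: str
    bind_user: str            # LDAP Server User Name
    bind_password: str        # LDAP Server Password
    timeout_seconds: int
    use_ssl: bool


def effective_port(cfg: LdapDomainConfig) -> int:
    """Step 4 defaults: 389 without SSL; 636 when SSL is on and the field is blank."""
    if cfg.port is not None:
        return cfg.port
    return 636 if cfg.use_ssl else 389


def validate_config(cfg: LdapDomainConfig) -> List[str]:
    """Problems an administrator should fix before clicking Validate Connection."""
    issues = []
    if cfg.server_type not in LOGIN_ATTRIBUTE:
        issues.append(f"unknown LDAP Server Type {cfg.server_type!r}")
    if not cfg.server:
        issues.append("LDAP Server is empty")
    if not cfg.search_base:
        issues.append("Search Base is empty")
    if cfg.timeout_seconds <= 0:
        issues.append("Time Out <= 0: the client waits for the server indefinitely")
    for label, value in (("LDAP Server User Name", cfg.bind_user),
                         ("LDAP Server Password", cfg.bind_password)):
        if len(value) > MAX_CREDENTIAL_LEN:
            issues.append(f"{label} exceeds {MAX_CREDENTIAL_LEN} characters")
    if not cfg.use_ssl:
        issues.append("SSL disabled: bind passwords cross the network in clear text")
    elif effective_port(cfg) == 389:
        issues.append("SSL enabled but port 389 is the plain LDAP port")
    return issues


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping, so a typed user name cannot change the filter's meaning."""
    return "".join("\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value)


def user_lookup_filter(cfg: LdapDomainConfig, username: str) -> str:
    """Filter a user lookup under the Search Base would send for this server type."""
    return f"({LOGIN_ATTRIBUTE[cfg.server_type]}={escape_filter_value(username)})"


def _ber_len(n: int) -> bytes:
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _ber_int(n: int) -> bytes:
    # Non-negative INTEGER; an extra leading 0x00 keeps the sign bit clear.
    return n.to_bytes(max(1, (n.bit_length() + 8) // 8), "big")


def _tlv(tag: int, payload: bytes) -> bytes:
    return bytes([tag]) + _ber_len(len(payload)) + payload


def encode_simple_bind(message_id: int, bind_dn: str, password: str) -> bytes:
    """LDAPv3 BindRequest with simple authentication (RFC 4511 section 4.2), BER encoded.
    Without SSL these exact bytes, password included, are what a network capture shows."""
    version = _tlv(0x02, b"\x03")                           # INTEGER 3
    name = _tlv(0x04, bind_dn.encode("utf-8"))              # LDAPDN OCTET STRING
    auth = _tlv(0x80, password.encode("utf-8"))             # [0] simple
    bind_request = _tlv(0x60, version + name + auth)        # [APPLICATION 0]
    return _tlv(0x30, _tlv(0x02, _ber_int(message_id)) + bind_request)


if __name__ == "__main__":
    # Constructed sample configuration; the host and DNs are placeholders.
    cfg = LdapDomainConfig("Active Directory", "ldap.example.test", None,
                           "DC=example,DC=test", "svc_provation", "s3cret!", 10, True)
    print("port:", effective_port(cfg))
    print("issues:", validate_config(cfg))
    print("filter:", user_lookup_filter(cfg, "jdoe"))
    print(encode_simple_bind(1, "CN=svc_provation,DC=example,DC=test", "s3cret!").hex())
```

The script does not open a network connection; it reproduces the decisions the LDAP tab makes so they can be reviewed (or scripted across several domains) before Validate Connection is used. The escaping in `escape_filter_value` is the step to keep in mind when any typed user name ends up inside a search filter.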
SECTION 2
Using LDAP in Multiple Domains
Associating a Site to a Domain
If your site uses multiple domains for user authentication, you will need to create and configure each
domain. The Default Domain by Site section of the LDAP tab is used to assign the default domain to each
site that is part of your network. The sites that are displayed in the Default Domain by Site list are those
that are configured in your database. Each site can be associated to a domain name. The domain names
available in the drop-down lists of the Default Domain names column are the same as those in the
Domain list. When first installed, all sites will be associated with the ‘Default’ domain name. The users
of the system need to verify that they select the appropriate domain when they are given the option.
To associate a site with a domain
1. On the LDAP tab of the Password Configuration window, select a site from the Default Domain
by Site list.
2. Click the drop-down list in the Default Domain cell next to the site you are configuring. The
drop-down list displays the domain names that are configured in the Domain column in the
Configured Domains LDAP Servers section.
3. Click the domain name you want to make the default for the site.
4. Click Save on the LDAP toolbar.
Important: If you are using LDAP with multiple domains for your facility(ies), it is important for
the users to know to which domain they belong. When performing any task that
involves entering their credentials, they will need to select their domain as well
as enter their user name and password.
Adding a Domain
All sites that use LDAP are automatically given a default domain. If you have only one domain server for
your facility(ies), you can simply use the default domain. However, if you have more than one domain
across a single facility or multiple facilities, you can add additional domains and assign users to the
appropriate domain.
To add a domain
1. On the LDAP tab of the Password Configuration window, click the Add button. The Add/Edit
Domain dialog box is displayed.
2. In the Domain field, type the name of the domain you are adding and then click Save.
3. Configure this new domain using the instructions found in the section “Configuring an LDAP
Server” on page 2.
Editing a Domain Name
You can change the default domain name or the name of any other domain that you have
created.
To change the name of a domain
1. On the LDAP tab of the Password Configuration window, select a domain from the list of
available domains.
2. Click the Edit button. The Add/Edit Domain dialog box is displayed.
3. In the Domain field, edit the name of the domain you selected.
4. Click Save to save the change to the list of available domains.
Deleting a Domain Name
You can remove a domain name from the list of available domains.
To delete the name of a domain
1. On the LDAP tab of the Password Configuration window, select a domain from the list of
available domains.
2. Click the Delete button. A confirmation prompt is displayed.
3. Click OK to remove this domain name or click Cancel to leave the name in the list of available
domains.
SECTION 3
Linking a Provider to an LDAP User
An LDAP linking tool has been created to link the provider’s name in the ProVation application with their
LDAP user name. This is a manual process and must be completed for each provider. This tool is
accessed on the Manage Users window in Security Maintenance.
For existing providers or new providers using ProVation applications, their required demographic
information must already be in or added to the ProVation database. After the required information is
entered into the ProVation database, the provider can then be linked to an LDAP user name. Linking
causes the existing passwords of the linked provider’s accounts to be retained but they are not valid for
a successful logon to ProVation MD.
Note: User names and passwords must be kept to a maximum of 15 characters each since ProVation MD
restricts the length of a user’s credentials.
To create a new provider in the ProVation database, see the “Creating a New Provider Profile in
Provider Maintenance” section of the ProVation MD - Power User Setup & Configuration Guide.
Tip: ProVation Medical highly recommends creating an LDAP enabled technical support account that
can be used to assist in troubleshooting LDAP issues.
To link a provider to an LDAP user name
1. From the main ProVation MD window, click Maintenance > Security Maintenance.
2. The Security Maintenance-Groups window is displayed. Click a group. The Security Maintenance-Basic Tasks window is displayed.
3. Click Manage Users to display the Manage Users window.
4. Select the name of the provider you want to associate to an LDAP user name and click LDAP.
The Link to LDAP window is displayed and, if there are multiple domains configured, you are
asked to select a domain.
5. If an LDAP User ID is found on the LDAP server, the User ID column is populated with the user’s
User ID.
Note: If a user ID is not found, a message is displayed stating this and you will need to add the
user to the LDAP server.
6. If the user is not associated to a domain, the Domain drop-down list defaults to the Default
domain. If the user needs to be assigned to a different domain, click the correct domain using
the Domain drop-down list.
7. Click Select to accept the User ID, domain, and to close the Link To LDAP window.
SECTION 4
Emergency Access with LDAP
Emergency access is one of the criteria that are required for meaningful use modular certification. The
emergency access option, available within ProVation MD and ProVation MultiCaregiver, allows you to
identify individual users that are authorized to access electronic patient information during an
emergency or other appropriate extenuating circumstance as determined by the customer.
Emergency access is controlled at the individual user level. There are two steps necessary to provide
emergency access for a specific user. The first step is to enable the emergency access feature. This is
done in the Configuration Center. Enabling the emergency access feature enables it for all sites that are
configured within the ProVation database. The second step is to grant emergency access to individual
users. This is done in Security Maintenance. Enabling emergency access for individual users gives those
users emergency access to only the sites to which they have access.
To enable emergency access
1. Click Utilities > Configuration Center > [Site/Specialty] > Advanced tab > Password
Configuration. The Password Configuration tab is displayed.
2. To enable the use of emergency access, select the Enable Emergency Access check box.
Note: Emergency access is enabled for all sites.
3. Click Save.
4. Click Close and then click Close again to return to the main ProVation MD window.
To grant emergency access rights to individual users
1. Click Maintenance > Security Maintenance > [Group] > Manage Users. The Manage Users
window is displayed.
2. Select a user’s name and then click the Access button in the toolbar. The User Access Options
dialog box is displayed.
3. Complete one or more of the following:
• Select Allow Emergency Access – ProVation MD to allow the user to have Emergency Access
to ProVation MD. An Emergency Access button will be displayed on the ProVation MD logon
page.
• Select Allow Emergency Access – MCG to allow the user to have Emergency Access to
ProVation MultiCaregiver. An Emergency Access button will be displayed on the ProVation
MultiCaregiver logon page.
• Select ProVation WebView Access (not part of emergency access) to allow the user access
to the ProVation WebView application.
4. Click Save to save the changes for this user’s access rights.
5. Repeat steps 2-4 for each user that needs to have access rights granted.
SECTION 5
Enabling ProVation Web Services to Use a Client Certificate
To enable ProVation Web Services to use a client certificate, you must install the client certificate in
the local machine store. When you install a client certificate in the local machine store, the client
certificate is only available for user accounts in the Administrators group and for the user who installed
the client certificate. Therefore, you must grant access to the client certificate for the user account
that is used to run ProVation Web Services.
See the following link for further information: http://support.microsoft.com/kb/901183.
Installing a Certificate in the Local Machine Store
To install a certificate in the local machine store:
1. Open your browser to http://[LDAP server name or IP address]/certsrv/. The following window
is displayed:
2. Click Request a certificate. The following window is displayed:
3. Click advanced certificate request. The following window is displayed:
4. Click Create and submit a request to this CA. The following window is displayed:
5. Select user from the Certificate Template drop-down list.
6. Select the Store certificate in the local computer certificate store check box.
7. Click Submit. The Potential Scripting Violation dialog box is displayed:
8. Click Yes in the Potential Scripting Violation dialog box. The following window is displayed:
9. Click Install this Certificate. The Potential Scripting Violation dialog box is displayed.
10. Click Yes in the Potential Scripting Violation dialog box. The Security Warning dialog box is
displayed.
11. Click Yes in the Security Warning dialog box. The certificate is installed and the following
window is displayed:
Granting Access to ASP.NET
To grant access to ASP.NET:
1. Download and then install the Microsoft Windows HTTP Services Certificate Configuration Tool
(winhttpcertcfg.exe). To obtain the tool, visit the following Microsoft Web site:
http://www.microsoft.com/downloads/details.aspx?familyid=c42e27ac-3409-40e9-8667-c748e422833f
2. Open a command window in the directory where winhttpcertcfg.exe is installed. The default is
C:\program files\Windows Resource Kits\Tools.
3. Type the following command:
winhttpcertcfg.exe -g -c LOCAL_MACHINE\MY -s "Administrator" -a "NETWORK SERVICE"
4. Restart IIS to enable the changes.
Installing the Root Certificate of the Certification Authority
If you have not already installed the root certificate of your Certification Authority (CA), you must do so.
The Microsoft Windows operating system includes the root certificates of many external CAs preinstalled in the Trusted Root Certification Authorities certificate store.
To check if the CA root certificate is installed
1. Run the Microsoft Management Console (MMC): On the Start Menu, click Run, type MMC, and
then click OK. The Console window is displayed.
2. From the File menu, click Add/Remove Snap-in.
The Add/Remove Snap-in window is displayed.
3. Click Add. The Add Standalone Snap-in window is displayed.
4. Select Certificates, and then click Add. The Certificates snap-in window is displayed.
5. Select Computer account, and then click Next. The Select Computer window is displayed.
6. Select Local computer, and then click Finish.
7. Click Close on the Add Standalone Snap-in window.
8. Click OK on the Add/Remove Snap-in window.
9. In the Console window, expand the Certificates (Local Computer) folder, then expand the
Trusted Root Certification Authorities folder, and then click Certificates.
10. Verify that your CA certificate is listed.
If your root certificate is not installed, you will need to install it. If you have the CA root certificate in a
certificate file (for example, a .cer, .der, or .pfx file), you can install it using the procedure below.
Otherwise, you will need to request a CA root certificate from Microsoft Certificate Services. If your CA
is a Microsoft Certificate Services installation, you must request the root certificate.
To request the CA root certificate from Microsoft Certificate Services
1. Open your browser to http://[LDAP server name or IP address]/certsrv.
2. Click Download a CA certificate, certificate chain or CRL.
3. Select the CA certificate from the list, select DER for the encoding method, and then click
Download CA certificate.
4. Install the certificate in the Trusted Root Certification Authorities folder as described in “To
install the CA root certificate from a file.”
To install the CA root certificate from a file
1. Run the Microsoft Management Console (MMC).
2. In the left pane of the MMC snap-in, expand the Certificates (Local Computer) folder.
3. Right-click Trusted Root Certification Authorities, and then click Import.
4. Use the Certificate Import wizard to import the certificate from the file.
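The two procedures above install the CA root certificate so that the machine trusts certificates the CA issued, and the earlier section installs a client certificate for ProVation Web Services. The following Python script is an added example, not ProVation code, showing what that trust relationship looks like from a client's side for the LDAP-over-SSL connection enabled in Section 1, step 11: it accepts the CA root in either DER (a .cer/.der file as downloaded from certsrv) or PEM form, builds a TLS context that keeps chain and host-name verification on, optionally loads a client certificate for mutual TLS, and reports who issued the server's certificate. Host names, file paths and function names are hypothetical; the functions use only the Python standard library.

```python
"""Added example, not ProVation code: the TLS trust a client needs for LDAP over SSL,
built from a CA root certificate file (DER .cer/.der as downloaded from certsrv, or PEM)
with an optional client certificate.  Host names, paths and function names are hypothetical."""
import socket
import ssl
from pathlib import Path
from typing import Dict, Optional

PEM_HEADER = b"-----BEGIN CERTIFICATE-----"


def to_pem(cert_bytes: bytes) -> str:
    """Return PEM for either encoding; load_verify_locations(cadata=...) wants PEM text."""
    if cert_bytes.lstrip().startswith(PEM_HEADER):
        return cert_bytes.decode("ascii")
    return ssl.DER_cert_to_PEM_cert(cert_bytes)


def build_ldaps_context(ca_root_file: Optional[str] = None,
                        client_cert_file: Optional[str] = None,
                        client_key_file: Optional[str] = None) -> ssl.SSLContext:
    """Chain and host-name verification stay on; only the trust anchor changes.
    With no ca_root_file the platform store is used (on Windows, the Trusted Root
    Certification Authorities store the procedure above populates)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if ca_root_file:
        ctx.load_verify_locations(cadata=to_pem(Path(ca_root_file).read_bytes()))
    else:
        ctx.load_default_certs()
    if client_cert_file:   # mutual TLS: the client certificate exported from the machine store
        ctx.load_cert_chain(client_cert_file, client_key_file)
    return ctx


def verification_settings(ctx: ssl.SSLContext) -> Dict[str, bool]:
    """The two switches that must never be turned off to 'make the error go away'."""
    return {"check_hostname": bool(ctx.check_hostname),
            "cert_required": ctx.verify_mode == ssl.CERT_REQUIRED}


def summarize_peer_cert(cert: Dict) -> Dict[str, str]:
    """Flatten the tuple-of-tuples form returned by SSLSocket.getpeercert()."""
    def flat(name: str) -> str:
        return ", ".join(f"{k}={v}" for rdn in cert.get(name, ()) for k, v in rdn)
    return {"subject": flat("subject"), "issuer": flat("issuer"),
            "not_after": cert.get("notAfter", "")}


def check_ldaps_server(host: str, port: int, ctx: ssl.SSLContext,
                       timeout: float) -> Dict[str, str]:
    """Open the TLS session an LDAP client would and report who signed the server cert.
    An ssl.SSLCertVerificationError here is the usual symptom of a missing CA root."""
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return summarize_peer_cert(tls.getpeercert())


if __name__ == "__main__":
    # Placeholder path and host; replace with the CA root downloaded from certsrv.
    ctx = build_ldaps_context("ca-root.cer")
    print(verification_settings(ctx))
    print(check_ldaps_server("ldap.example.test", 636, ctx, timeout=10))
```

If `check_ldaps_server` raises a certificate verification error, the fix is the procedure above (install the CA root), not relaxing `check_hostname` or `verify_mode`; a context that skips either check accepts any certificate, which removes the protection SSL was enabled for in Section 1.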