Lightweight Directory Access Protocol (LDAP) Job Aid

Copyright Notice

© 1999-2014 ProVation Medical, a Wolters Kluwer Health Company. All rights reserved.

ProVation Medical (“ProVation”), a Wolters Kluwer Company, reserves the right to make improvements to the software product described in this manual at any time without notice. ProVation is the copyright owner of its software products, including the entire content of this manual, diskettes and CD ROMs supplied. This document may not, in whole or in part, be copied, photocopied, reproduced, translated or reduced to any electronic medium or machine-readable form without prior consent from ProVation. Willful violation of the Copyright Law of the United States of America can result in civil and criminal penalties. The information contained in this document is confidential to properly licensed users of ProVation. Willful violation can result in civil and criminal penalties.

American Medical Association – CPT: CPT Copyright 2013 American Medical Association. All rights reserved. Fee schedules, relative value units, conversion factors and/or related components are not assigned by the AMA, are not part of CPT, and the AMA is not recommending their use. The AMA does not directly or indirectly practice medicine or dispense medical services. The AMA assumes no liability for data contained or not contained herein. CPT is a registered trademark of the American Medical Association. The responsibility for the content of any “National Correct Coding Policy” included in this product is with the Centers for Medicare and Medicaid Services and no endorsement by the AMA is intended or should be implied. The AMA disclaims responsibility for any consequences or liability attributable to or related to any use, nonuse or interpretation of information contained in this product.

U.S. Government Rights - This product includes CPT which is commercial technical data and/or computer data bases and/or commercial computer software and/or commercial computer software documentation, as applicable, which were developed exclusively at private expense by the American Medical Association, 515 North State Street, Chicago, Illinois, 60610. U.S. Government rights to use, modify, reproduce, release, perform, display, or disclose these technical data and/or computer data bases and/or computer software and/or computer software documentation are subject to the limited rights restrictions of DFARS 252.227-7015(b)(2) (June 1995) and/or subject to the restrictions of DFARS 227.7202-1(a) (June 1995) and DFARS 227.7202-3(a) (June 1995), as applicable for U.S. Department of Defense procurements and the limited rights restrictions of FAR 52.227-14 (June 1987) and/or subject to the restricted rights provisions of FAR 52.227-14 (June 1987) and FAR 52.227-19 (June 1987), as applicable, and as applicable agency FAR Supplements, for non-Department of Defense Federal Procurements.

Indications for use: ProVation MD and ProVation MultiCaregiver applications are intended for use in the following situations:
• Create procedure documentation
• Code for supplies and medications used
• Report on procedure documentation and other administrative functions
The resulting documentation and associated images are to be used for the purpose of patient education and reference. The information and images are not to be used for diagnostic purposes.

Precautions: ProVation MD and ProVation MultiCaregiver applications should be used as designed and documented in their respective user and configuration manuals.

Caution: Federal Law restricts this device to sale by or on the order of a physician (or properly licensed practitioner).
ProVation Medical
800 Washington Avenue North, Suite 400
Minneapolis, MN 55401
877.454.2994
www.provationmedical.com

ProVation, Anticipatory Interface, and Clinical Productivity by Design are registered trademarks of ProVation. All other brand, product or company names are trademarks of their respective owners.

All patient and provider examples contained within this document are hypothetical and provided for example only.

Revision Date 8/6/14
LDAP JA 5.0 14-02

CONTENTS

Introduction ........................................................ iii
  Help, Support, and Other Resources ............................... iii
    Accessing User Manuals ......................................... iii
    Document Conventions ........................................... iii
    ProVation Customer Web Site .................................... iv
    Contacting Customer Support .................................... v
    Viewing the Version Number ..................................... vi
  Logging On to ProVation MD ....................................... vi
  Logging Off ProVation MD ......................................... vi
  Exiting ProVation MD ............................................. vi
Section 1: Enabling and Configuring LDAP ........................... 1
  Enabling LDAP .................................................... 1
  Configuring an LDAP Server ....................................... 2
Section 2: Using LDAP in Multiple Domains .......................... 5
  Associating a Site to a Domain ................................... 5
  Adding a Domain .................................................. 6
  Editing a Domain Name ............................................ 6
  Deleting a Domain Name ........................................... 6
Section 3: Linking a Provider to an LDAP User ...................... 7
Section 4: Emergency Access with LDAP .............................. 9
Section 5: Enabling ProVation Web Services to Use a Client Certificate ... 11
  Installing a Certificate in the Local Machine Store .............. 11
  Granting Access to ASP.NET ....................................... 15
  Installing the Root Certificate of the Certification Authority ... 16

INTRODUCTION

Lightweight Directory Access Protocol (LDAP) is a commonly employed Internet protocol that facilitates information exchange between a server and client. Information such as contacts, address books, or other directory information can be sent using this protocol.
By using LDAP, a user is able to log on to any component of their system that they have access to using one enterprise user name and password. The LDAP feature allows ProVation to accommodate and incorporate LDAP authentication within the ProVation applications for the 5.0 versions and beyond. Basic user name and password authentication is supported when logging on, finalizing a note, creating an addendum, or any other operation where a user is required to provide their credentials. This capability meets increasingly stringent user name and password requirements while matching existing client LDAP processes.

User names and passwords must be kept to a maximum of 15 characters each, since ProVation MD restricts the length of a user’s credentials.

ProVation supports three types of LDAP directories: Sun (Sun ONE), Novell (eDirectory), and Microsoft (Active Directory). ProVation supports LDAP across both single and multiple domains.

Help, Support, and Other Resources

Tip: ProVation Medical highly recommends creating an LDAP-enabled technical support account that can be used to assist in troubleshooting LDAP issues.

Accessing User Manuals

At any time while working within a ProVation application, you can press the F1 key on your keyboard to access the PDF versions of the ProVation user manuals for help.

Document Conventions

The conventions followed in the documentation are listed below, each with an example.

Item: Navigation paths through application or operating system windows are indicated with a greater than (>) symbol. All navigation paths assume you are starting from the main window of the application.
Example: Navigation path: Click Utilities > Configuration Center > [Site/Specialty] > Advanced tab > Password Configuration.

Item: Selections that might be optional for a site depending on configuration are contained within brackets [Site/Specialty].
Example: [Case Detail Barcode]

Item: Variable placeholders are also indicated with square and angle brackets, such as in Site Documents.
Example: Placeholders: <Specimen with Barcode>

Item: References to related publications are shown in italic font.
Example: For more information, see the ProVation MD - Software Administrator Guide.

Item: File names, file paths, and information users must enter are shown in courier font.
Example: If your site uses an orders interface, the default location of the file is on the Application Server at c:\Interface\HL7. Type 3 in the field.

Item: Buttons, tabs, selections, options, and lists within a task that a user must click are shown in bold.
Example: From the View options, click Today’s Cases. Click Save.

Item: References to Web sites appear underlined and in blue. These are hypertext links.
Example: www.provationmedical.com

Item: Cross-references to another topic within the manual are shown in blue text. You can click on the link to jump to the topic.
Example: For more information, see “Username and Password Maintenance” on page 6.

ProVation Customer Web Site

The ProVation Customer Web Site at https://peach.provationmedical.com provides:
• Information prepared by ProVation Medical Customer Support
• ProVation U on-line training classes and on-demand training videos
• Best practices developed and shared by the ProVation community of users
• Forums targeted to specific user groups (Physicians, Nurse Managers and Power Users, IT and Software Administrators, and Coding and Billing Professionals)

Access to the ProVation Customer Web Site is free to our customers, but you must register to access the Web site. If you are not yet registered, please browse to https://peach.provationmedical.com/register and sign up. After you receive the confirmation sent to the email address you register with, you can access the ProVation Customer Web Site.
Contacting Customer Support

ProVation Medical Customer Support is a group of technical professionals responsible for application and technical support of ProVation Medical software, with access to all ProVation Medical content and development experts. If you require direct assistance from a support analyst, ProVation Medical Customer Support delivers personalized and responsive service. Because we realize your first priority is patient care, you can always expect to quickly reach a qualified support analyst—never a complex phone tree or voicemail box.

Live Support
In the USA — 877.454.2994, option 1
  6am - 11pm CST, Monday – Thursday
  6am - 6pm CST, Friday
In Australia — 1800.855.742
  6am - 6pm AEST, Monday - Friday
In New Zealand — 0800.450.250
  8am - 8pm AEST, Monday - Friday
In Saudi Arabia — 001-800-844-5770
  6:00 am - 6:00 pm AST, Sunday - Thursday

After Hours
In the USA — 877.454.2994, option 1
  In the USA, leave a voicemail for the next business day. If the issue is urgent, press 8 to reach our after-hours/holiday cell phone. Leave a detailed message that includes your name, phone number, and site ID. A support analyst will contact you in 15 minutes or less.
In Australia — 1800.855.742
  In Australia, leave a detailed message, and a support analyst will contact you in 15 minutes or less.
In New Zealand — 0800.450.250
  In New Zealand, leave a detailed message, and a support analyst will contact you in 15 minutes or less.
In Saudi Arabia — 001-800-844-5770
  In Saudi Arabia, leave a detailed message, and a support analyst will contact you in 15 minutes or less.

Email
Email non-urgent questions to us anytime, and a support analyst will contact you.
In the USA — [email protected]
In Australia — [email protected]
In New Zealand — [email protected]
In Saudi Arabia — [email protected]

If you need to contact ProVation Medical for customer support, the ProVation representative may ask you to provide information about the software version installed at your site. See “Viewing the Version Number” in the next section.

Viewing the Version Number

If you are calling Customer Support, you may need to provide them with the version number of the application that you are using at your site.

To view software version information for ProVation MD
1. Open ProVation MD.
2. Log on to the application (see “Logging On to ProVation MD” on page vi). The ProVation MD main window is displayed.
3. Click Exit > About ProVation MD. The version information is displayed.
4. Click Close to close the dialog box.

Logging On to ProVation MD

To begin using ProVation MD and complete any of the tasks outlined in this and other ProVation Medical user manuals, you must first log on to the application.

To log on to ProVation MD
1. Double-click the ProVation MD icon on your desktop. The log on screen is displayed.
2. Type your user name and password in the appropriate fields.
3. Click OK. ProVation MD opens to the main view, with the navigation bar on the left side of the screen.

Logging Off ProVation MD

When finished using ProVation MD, the current user should log off of the software. Logging off leaves the application open and presents the next user with the logon screen.

To log off of ProVation MD
1. Click Exit > Logoff.
2. The session ends and the logon screen is displayed.

Exiting ProVation MD

Exiting ProVation MD closes the application and secures patient data.

To exit ProVation MD
• From the main navigation bar, click Exit > Exit. The application closes.
SECTION 1: Enabling and Configuring LDAP

The LDAP tab is located in Password Configuration of Configuration Center. Selecting a check box enables LDAP for all sites and allows site administrators to use their enterprise password authentication via LDAP. Once LDAP is enabled, system administrators can configure ProVation applications to authenticate via the enterprise authentication server: Sun (Sun ONE), Novell (eDirectory), or Microsoft (Active Directory).

Enabling LDAP

LDAP must be enabled within ProVation MD in order to be used in the ProVation applications.

To access the LDAP tab and enable LDAP
1. From the main ProVation MD window, click Utilities > Configuration Center > [Site/Specialty] > Advanced tab > Password Configuration. The Password Configuration window is displayed.
2. Click the LDAP tab. The LDAP page is displayed.
3. Click the Enable LDAP check box to enable the LDAP configuration items.

Configuring an LDAP Server

Once enabled, LDAP can be configured in multiple ways to meet the needs for its use at your facility.

To configure LDAP
1. With LDAP enabled, select a domain that you want to configure.
   Note: A Default domain is created for all sites. You can use this default domain as is, rename it, or add additional domains. If you need to add a domain, see “Adding a Domain” on page 6.
2. Select your server type from the LDAP Server Type drop-down list. The selections available are:
   LDAP Server Type                    Selection
   Microsoft Active Directory          Active Directory
   Novell eDirectory                   eDirectory
   Sun Java System Directory Server    Sun
3. In the LDAP Server field, enter the IP address, domain name, or server name of the LDAP server being contacted for authentication queries.
4. In the Port field, enter the port number through which all LDAP authentication queries are sent. When not using SSL, the default value is 389. When using SSL, the default is 636, or the field can be left blank.
5. In the Search Base field, enter the point in the directory structure at which the query begins its search.
6. In the Group String field, enter the group string value for the LDAP query.
7. In the LDAP Server User Name field, enter the user name of the account with rights to query the LDAP directory.
8. In the LDAP Server Password field, enter the password of the account with rights to query the LDAP directory.
9. The Login Attribute field displays the name of the login account attribute. It is populated automatically according to the selected LDAP Server Type:
   LDAP Server Type                    Login Attribute
   Microsoft Active Directory          sAMAccountName
   Novell eDirectory                   UID
   Sun Java System Directory Server    UID
10. In the Time Out field, type a value or use the up and down arrows to select the number of seconds.
    Note: The value in the Time Out field determines how long the client machine waits for a response from the LDAP server to verify the user. If the client does not get an LDAP response within the specified time period, it aborts the attempt to log on. The Time Out field should be set to a value greater than zero. A value less than or equal to zero means no timeout is specified, which is equivalent to waiting for the response indefinitely.
11. Select the Enable Secure Sockets Layer (SSL) check box to enable SSL for the LDAP connection.
    Note: Using SSL requires that a client certificate be installed. See “Installing a Certificate in the Local Machine Store” on page 11 for more information.
12. Click the Validate Connection button to verify that the configuration for the selected domain is valid.
13. Click the Save button on the toolbar.
14. Click the Close button twice to return to the main window.

SECTION 2: Using LDAP in Multiple Domains

Associating a Site to a Domain

If your site uses multiple domains for user authentication, you will need to create and configure each domain. The Default Domain by Site section of the LDAP tab is used to assign the default domain to each site that is part of your network. The sites displayed in the Default Domain by Site list are those configured in your database. Each site can be associated with a domain name. The domain names available in the drop-down lists of the Default Domain column are the same as those in the Domain list. When first installed, all sites are associated with the ‘Default’ domain name. Users of the system need to verify that they select the appropriate domain when they are given the option.

To associate a site with a domain
1. On the LDAP tab of the Password Configuration window, select a site from the Default Domain by Site list.
2. Click the drop-down list in the Default Domain cell next to the site you are configuring. The drop-down list displays the domain names configured in the Domain column of the Configured Domains LDAP Servers section.
3. Click the domain name you want to make the default for the site.
4. Click Save on the LDAP toolbar.

Important: If you are using LDAP with multiple domains for your facility(ies), users must know which domain they belong to. When performing any task that involves entering their credentials, they will also need to select their domain as well as entering their user name and password.
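The following script is an added example, not ProVation code, written to reproduce from a PowerShell prompt on the application server what the fields in “Configuring an LDAP Server” (Section 1) describe for one configured domain and what Validate Connection has to check: it applies the job aid’s own rules (Time Out greater than zero, the 15-character credential limit, port 389 or 636 depending on SSL), binds with the LDAP Server User Name and Password, and searches the Search Base for a user by the login attribute of the selected server type, which is also the lookup the provider linking tool depends on. It uses the System.DirectoryServices.Protocols classes shipped with Windows. The filter shape, the treatment of the Group String as an additional filter clause, and the sample host, base DN and account names are assumptions, not documented ProVation behaviour.

```powershell
# Added example (not ProVation code): a command-line equivalent of the LDAP tab's Validate Connection.
# Field names follow the LDAP tab; the filter shape and the Group String handling are assumptions.
Add-Type -AssemblyName System.DirectoryServices.Protocols

# Login attribute per server type, as in the job aid's table (step 9).
$LoginAttributeByType = @{
    'Active Directory' = 'sAMAccountName'
    'eDirectory'       = 'UID'
    'Sun'              = 'UID'
}

function ConvertTo-LdapFilterValue {
    # RFC 4515 escaping so a typed user name cannot change the meaning of the filter.
    param([Parameter(Mandatory)][string]$Value)
    $Value = $Value.Replace('\', '\5c')        # backslash first, so later escapes are not re-escaped
    $Value = $Value.Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29')
    $Value = $Value.Replace([string][char]0, '\00')
    return $Value
}

function Test-LdapDomainConfig {
    param(
        [Parameter(Mandatory)][ValidateSet('Active Directory', 'eDirectory', 'Sun')][string]$ServerType,
        [Parameter(Mandatory)][string]$LdapServer,      # IP address, domain name, or server name (step 3)
        [int]$Port,                                      # blank in the UI means 389, or 636 with SSL (step 4)
        [Parameter(Mandatory)][string]$SearchBase,       # e.g. 'DC=example,DC=local' (constructed)
        [string]$GroupString,                            # assumption: an attribute=value clause added to the filter
        [Parameter(Mandatory)][string]$BindUserName,     # LDAP Server User Name (step 7)
        [Parameter(Mandatory)][string]$BindPassword,     # LDAP Server Password (step 8)
        [int]$TimeoutSeconds = 10,                       # Time Out (step 10)
        [switch]$UseSsl,                                 # Enable Secure Sockets Layer (step 11)
        [Parameter(Mandatory)][string]$TestUserName      # account to look up by the login attribute
    )
    # The job aid's own constraints, enforced before any network traffic.
    if ($TimeoutSeconds -le 0) { throw 'Time Out must be greater than zero; a value <= 0 waits indefinitely.' }
    foreach ($n in @($BindUserName, $TestUserName)) {
        if ($n.Length -gt 15) { throw "User name '$n' exceeds the 15-character ProVation MD limit." }
    }
    if ($BindPassword.Length -gt 15) { throw 'Password exceeds the 15-character ProVation MD limit.' }
    if (-not $Port) { $Port = if ($UseSsl) { 636 } else { 389 } }

    $loginAttr = $LoginAttributeByType[$ServerType]
    $filter = "(${loginAttr}=$(ConvertTo-LdapFilterValue $TestUserName))"
    if ($GroupString) {
        # Assumption: Group String is either a full '(...)' clause or a bare attribute=value pair.
        $clause = if ($GroupString.StartsWith('(')) { $GroupString } else { "(${GroupString})" }
        $filter = "(&${filter}${clause})"
    }

    $identifier = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($LdapServer, $Port, $false, $false)
    $credential = New-Object System.Net.NetworkCredential($BindUserName, $BindPassword)
    $conn = New-Object System.DirectoryServices.Protocols.LdapConnection($identifier, $credential, [System.DirectoryServices.Protocols.AuthType]::Basic)
    $conn.SessionOptions.ProtocolVersion = 3
    $conn.SessionOptions.SecureSocketLayer = [bool]$UseSsl     # Schannel validates the server certificate against the machine store
    $conn.Timeout = [TimeSpan]::FromSeconds($TimeoutSeconds)    # same meaning as the Time Out field
    try {
        $conn.Bind()   # fails on a wrong server, port or credentials, or on a server certificate that does not chain to a trusted root
        $scope = [System.DirectoryServices.Protocols.SearchScope]::Subtree
        $request = [System.DirectoryServices.Protocols.SearchRequest]::new($SearchBase, $filter, $scope, [string[]]@($loginAttr))
        $response = $conn.SendRequest($request)
        [pscustomobject]@{
            Server         = "${LdapServer}:${Port}"
            Ssl            = [bool]$UseSsl
            LoginAttribute = $loginAttr
            Filter         = $filter
            UserFound      = ($response.Entries.Count -gt 0)   # what the linking tool in Section 3 needs to be true
        }
    }
    finally {
        $conn.Dispose()
    }
}

# Constructed sample values; substitute your own domain's settings. The password is prompted for
# rather than written into the script.
Test-LdapDomainConfig -ServerType 'Active Directory' -LdapServer 'dc01.example.local' -UseSsl `
    -SearchBase 'DC=example,DC=local' -BindUserName 'svc_provation' `
    -BindPassword (Read-Host -Prompt 'LDAP Server Password') -TimeoutSeconds 10 -TestUserName 'jdoe'
```

Run it on the ProVation application server so the test uses the same network path and the same certificate stores as the application. Over SSL, Bind() fails when the server certificate does not chain to a CA in Trusted Root Certification Authorities, which is the outcome you want; fixing it means installing the CA root certificate (Section 5), not adding a VerifyServerCertificate callback that accepts every certificate. Without SSL, a simple bind on port 389 sends the LDAP Server Password to the directory in clear text, so keep that setting to test environments.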
Adding a Domain

All sites that use LDAP are automatically given a default domain. If you have only one domain server for your facility(ies), you can simply use the default domain. However, if you have more than one domain across a single facility or multiple facilities, you can add additional domains and assign users to the appropriate domain.

To add a domain
1. On the LDAP tab of the Password Configuration window, click the Add button. The Add/Edit Domain dialog box is displayed.
2. In the Domain field, type the name of the domain you are adding and then click Save.
3. Configure this new domain using the instructions found in the section “Configuring an LDAP Server” on page 2.

Editing a Domain Name

You can change the default domain name or the domain name of any other domain that you have created.

To change the name of a domain
1. On the LDAP tab of the Password Configuration window, select a domain from the list of available domains.
2. Click the Edit button. The Add/Edit Domain dialog box is displayed.
3. In the Domain field, edit the name of the domain you selected.
4. Click Save to save the change to the list of available domains.

Deleting a Domain Name

You can remove a domain name from the list of available domains.

To delete the name of a domain
1. On the LDAP tab of the Password Configuration window, select a domain from the list of available domains.
2. Click the Delete button. A confirmation prompt is displayed.
3. Click OK to remove this domain name, or click Cancel to leave the name in the list of available domains.

SECTION 3: Linking a Provider to an LDAP User

An LDAP linking tool has been created to link the provider’s name in the ProVation application with their LDAP user name. This is a manual process and must be completed for each provider.
This tool is accessed on the Manage Users window in Security Maintenance. For existing providers or new providers using ProVation applications, their required demographic information must already be in, or be added to, the ProVation database. After the required information is entered into the ProVation database, the provider can then be linked to an LDAP user name. Linking causes the existing passwords of the linked provider’s accounts to be retained, but they are no longer valid for a successful logon to ProVation MD.

Note: User names and passwords must be kept to a maximum of 15 characters each, since ProVation MD restricts the length of a user’s credentials.

To create a new provider in the ProVation database, see the “Creating a New Provider Profile in Provider Maintenance” section of the ProVation MD - Power User Setup & Configuration Guide.

Tip: ProVation Medical highly recommends creating an LDAP-enabled technical support account that can be used to assist in troubleshooting LDAP issues.

To link a provider to an LDAP user name
1. From the main ProVation MD window, click Maintenance > Security Maintenance. The Security Maintenance - Groups window is displayed.
2. Click a group. The Security Maintenance - Basic Tasks window is displayed.
3. Click Manage Users to display the Manage Users window.
4. Select the name of the provider you want to associate with an LDAP user name and click LDAP. The Link to LDAP window is displayed and, if there are multiple domains configured, you are asked to select a domain.
5. If an LDAP User ID is found on the LDAP server, the User ID column is populated with the user’s User ID.
   Note: If a user ID is not found, a message is displayed stating this, and you will need to add the user to the LDAP server.
6. If the user is not associated with a domain, the Domain drop-down list defaults to the Default domain. If the user needs to be assigned to a different domain, click the correct domain in the Domain drop-down list.
7. Click Select to accept the User ID and domain, and to close the Link To LDAP window.

SECTION 4: Emergency Access with LDAP

Emergency access is one of the criteria required for meaningful use modular certification. The emergency access option, available within ProVation MD and ProVation MultiCaregiver, allows you to identify individual users who are authorized to access electronic patient information during an emergency or other appropriate extenuating circumstance as determined by the customer. Emergency access is controlled at the individual user level.

There are two steps necessary to provide emergency access for a specific user. The first step is to enable the emergency access feature. This is done in the Configuration Center. Enabling the emergency access feature enables it for all sites that are configured within the ProVation database. The second step is to grant emergency access to individual users. This is done in Security Maintenance. Enabling emergency access for individual users gives those users emergency access only to the sites to which they have access.

To enable emergency access
1. Click Utilities > Configuration Center > [Site/Specialty] > Advanced tab > Password Configuration. The Password Configuration tab is displayed.
2. To enable the use of emergency access, select the Enable Emergency Access check box.
   Note: Emergency access is enabled for all sites.
3. Click Save.
4. Click Close and then click Close again to return to the main ProVation MD window.

To grant emergency access rights to individual users
1. Click Maintenance > Security Maintenance > [Group] > Manage Users. The Manage Users window is displayed.
2. Select a user’s name and then click the Access button in the toolbar. The User Access Options dialog box is displayed.
3. Complete one or more of the following:
   • Select Allow Emergency Access – ProVation MD to allow the user to have Emergency Access to ProVation MD. An Emergency Access button will be displayed on the ProVation MD logon page.
   • Select Allow Emergency Access – MCG to allow the user to have Emergency Access to ProVation MultiCaregiver. An Emergency Access button will be displayed on the ProVation MultiCaregiver logon page.
   • Select ProVation WebView Access (not part of emergency access) to allow the user access to the ProVation WebView application.
4. Click Save to save the changes to this user’s access rights.
5. Repeat steps 2-4 for each user who needs to have access rights granted.

SECTION 5: Enabling ProVation Web Services to Use a Client Certificate

To enable ProVation Web Services to use a client certificate, you must install the client certificate in the local machine store. When you install a client certificate in the local machine store, the client certificate is only available to user accounts in the Administrators group and to the user who installed the client certificate. Therefore, you must grant access to the client certificate for the user account that is used to run ProVation Web Services. See the following link for further information: http://support.microsoft.com/kb/901183.

Installing a Certificate in the Local Machine Store

To install a certificate in the local machine store:
1. Open your browser to http://[LDAP server name or IP address]/certsrv/. The Certificate Services welcome page is displayed.
2. Click Request a certificate. The next page is displayed.
3. Click advanced certificate request. The next page is displayed.
4. Click Create and submit a request to this CA. The request form is displayed.
5. Select user from the Certificate Template drop-down list.
6. Select the Store certificate in the local computer certificate store check box.
7. Click Submit. The Potential Scripting Violation dialog box is displayed.
8. Click Yes in the Potential Scripting Violation dialog box. The next page is displayed.
9. Click Install this Certificate. The Potential Scripting Violation dialog box is displayed.
10. Click Yes in the Potential Scripting Violation dialog box. The Security Warning dialog box is displayed.
11. Click Yes in the Security Warning dialog box. The certificate is installed and a confirmation page is displayed.

Granting Access to ASP.NET

To grant access to ASP.NET:
1. Download and then install the Microsoft Windows HTTP Services Certificate Configuration Tool (winhttpcertcfg.exe). To obtain the tool, visit the following Microsoft Web site: http://www.microsoft.com/downloads/details.aspx?familyid=c42e27ac-3409-40e9-8667-c748e422833f
2. Open a command window in the directory where winhttpcertcfg.exe is installed. The default is C:\Program Files\Windows Resource Kits\Tools.
3. Type the following command:
   winhttpcertcfg.exe -g -c LOCAL_MACHINE\MY -s "Administrator" -a "NETWORK SERVICE"
4. Restart IIS to enable the changes.
Installing the Root Certificate of the Certification Authority

If you have not already installed the root certificate of your Certification Authority (CA), you must do so. The Microsoft Windows operating system includes the root certificates of many external CAs preinstalled in the Trusted Root Certification Authorities certificate store.

To check if the CA root certificate is installed
1. Run the Microsoft Management Console (MMC): On the Start Menu, click Run, type MMC, and then click OK. The Console window is displayed.
2. From the File menu, click Add/Remove Snap-in. The Add/Remove Snap-in window is displayed.
3. Click Add. The Add Standalone Snap-in window is displayed.
4. Select Certificates, and then click Add. The Certificates snap-in window is displayed.
5. Select Computer account, and then click Next. The Select Computer window is displayed.
6. Select Local computer, and then click Finish.
7. Click Close on the Add Standalone Snap-in window.
8. Click OK on the Add/Remove Snap-in window.
9. In the Console window, expand the Certificates (Local Computer) folder, then expand the Trusted Root Certification Authorities folder, and then click Certificates.
10. Verify that your CA certificate is listed.
If your root certificate is not installed, you will need to install it. If you have the CA root certificate in a certificate file (for example, a .cer, .der, or .pfx file), you can install it using the procedure “To install the CA root certificate from a file” below. Otherwise, you will need to request a CA root certificate from Microsoft Certificate Services. If your CA is a Microsoft Certificate Services installation, you must request the root certificate.

To request the CA root certificate from Microsoft Certificate Services
1. Open your browser to http://[LDAP servername or IP address]/certsrv.
2. Click Download a CA certificate, certificate chain or CRL.
3. Select the CA certificate from the list, select DER for the encoding method, and then click Download CA certificate.
4. Install the certificate in the Trusted Root Certification Authorities folder as described in “To install the CA root certificate from a file.”

To install the CA root certificate from a file
1. Run the Microsoft Management Console (MMC).
2. In the left pane of the MMC snap-in, expand the Certificates (Local Computer) folder.
3. Right-click Trusted Root Certification Authorities, and then click Import.
4. Use the Certificate Import wizard to import the certificate from the file.
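The script below is an added example, not ProVation code, that checks the end state of Section 5 from PowerShell without changing anything: that the CA root certificate is present in Trusted Root Certification Authorities (Local Computer), that the client certificate is in the local machine Personal store with its private key and chains to a trusted root, and, when winhttpcertcfg.exe is available, that the account running ProVation Web Services (NETWORK SERVICE, as in the command in “Granting Access to ASP.NET”) appears in the private key’s access list, using the tool’s -l (list) switch, the read-only counterpart of the -g grant. The client certificate subject “Administrator” comes from that command; the root CA subject pattern and the function name are placeholders of this example.

```powershell
# Added example (not ProVation code): read-only checks for the certificate setup described in Section 5.
# Run from an elevated prompt on the server that hosts ProVation Web Services.
function Test-ProVationWebServiceCert {
    param(
        [string]$ClientCertSubject = 'Administrator',            # -s value from the winhttpcertcfg command in the job aid
        [Parameter(Mandatory)][string]$RootCaSubjectPattern,     # placeholder, e.g. '*CN=Example Root CA*'
        [string]$ServiceAccount = 'NETWORK SERVICE'              # -a value from the winhttpcertcfg command in the job aid
    )
    $result = [ordered]@{}

    # 1. Is the CA root certificate in Trusted Root Certification Authorities (Local Computer)?
    #    Cert:\LocalMachine\Root is the same store the MMC steps above inspect.
    $root = @(Get-ChildItem Cert:\LocalMachine\Root | Where-Object { $_.Subject -like $RootCaSubjectPattern })
    $result.RootCaInstalled = $root.Count -gt 0

    # 2. Is the client certificate in the local machine Personal store (Cert:\LocalMachine\My), with a private key,
    #    and does it chain to a trusted root? Newest certificate wins if the subject was issued more than once.
    $client = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Subject -like "*CN=${ClientCertSubject}*" } |
        Sort-Object NotAfter -Descending | Select-Object -First 1
    $result.ClientCertInstalled     = $null -ne $client
    $result.ClientCertHasPrivateKey = ($null -ne $client) -and $client.HasPrivateKey
    $result.ClientCertExpires       = if ($client) { $client.NotAfter } else { $null }
    # Verify() builds the chain against the machine stores, including revocation checking, so it is false when
    # the root from check 1 is missing or the CRL cannot be fetched; read it together with RootCaInstalled.
    $result.ClientCertChainValid    = ($null -ne $client) -and $client.Verify()

    # 3. Can the service account read the private key? winhttpcertcfg -l lists the key's access list,
    #    the read-only counterpart of the -g grant performed in "Granting Access to ASP.NET".
    $tool = 'C:\Program Files\Windows Resource Kits\Tools\winhttpcertcfg.exe'   # default location named in the job aid
    if (-not (Test-Path $tool)) { $tool = (Get-Command winhttpcertcfg.exe -ErrorAction SilentlyContinue).Source }
    if ($tool -and $client) {
        $listing = & $tool -l -c 'LOCAL_MACHINE\MY' -s $ClientCertSubject 2>&1 | Out-String
        $result.ServiceAccountHasKeyAccess = $listing -match [regex]::Escape($ServiceAccount)
    }
    else {
        $result.ServiceAccountHasKeyAccess = 'unknown (winhttpcertcfg.exe not found, or no client certificate)'
    }
    [pscustomobject]$result
}

# Placeholder root CA name; substitute the subject of your own CA's root certificate.
Test-ProVationWebServiceCert -RootCaSubjectPattern '*CN=Example Root CA*'
```

A result with RootCaInstalled and ClientCertHasPrivateKey true but ServiceAccountHasKeyAccess false is the case the Microsoft article linked at the start of Section 5 describes: the certificate is installed but only Administrators and the installing user can use its key, so the -g grant in “Granting Access to ASP.NET” (followed by an IIS restart) is still outstanding. Re-run the check after the certificate is renewed, because a renewed certificate gets a new private key and the grant does not carry over.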