Using Client Certificates When Crawling Content
 

Crawling content with client certificates is another way of allowing the portal site to authenticate when it is crawling content. Setting up client certificates requires configuration both inside and outside of the portal site.

Note  To perform the following procedures on the index management servers and the front-end Web servers, you must be a member of the local Administrators group on the server on which you are performing the procedure.

Use client certificates when crawling content

  1. Obtain a client certificate.

    Obtain a client certificate that is valid for crawling a site. The certificate must be a Personal Information Exchange type certificate (*.pfx).

    Important  Each client certificate that you want to use for crawling must have a unique "issued to" name.

  2. Export the client certificate.

    Export the client certificate with the private key (*.pfx file) to use on the index management servers. Export the client certificate without the private key (*.cer file) to use on the front-end Web servers.
  3. Import the certificate to the Personal certificate store for the Local Computer.

    Do the following on the index management server on which the index containing the content source that requires the certificate is located:
    1. On the taskbar, click Start, and then click Run.
    2. Type mmc and then click OK.
    3. In the console, on the File menu, click Add/Remove Snap-in.
    4. In the Add/Remove Snap-in dialog box, on the Standalone tab, click Add.
    5. In the Add Standalone Snap-in dialog box, in the Available Standalone Snap-ins list, click Certificates, and then click Add.
    6. In the Certificates snap-in dialog box, click Computer account, and then click Next.
    7. In the Select Computer dialog box, click Local computer: (the computer this console is running on), and then click Finish.
    8. Click Close to close the Add Standalone Snap-in dialog box.
    9. Click OK to close the Add/Remove Snap-in dialog box.
    10. Expand the Certificates (Local Computer) node.
    11. Right-click Personal, point to All Tasks, and then click Import.
    12. On the Welcome to the Certificate Import Wizard page, click Next.
    13. On the File to Import page, specify the location of the certificate in the File name box, and then click Next.

      Note  The certificate must be a Personal Information Exchange type certificate (*.pfx).

      Important  Each client certificate that you want to use for crawling must have a unique "issued to" name.

    14. On the Password page, type the password for the certificate in the Password box, and then click Next.
    15. On the Certificate Store page, do the following:
      1. Click Place all certificates in the following store.
      2. In the Certificate store box, specify Personal.
      3. Click Next.
    16. On the Completing the Certificate Import Wizard page, click Finish.
    17. Click OK to close the message box.
  4. Ensure that the Certificate Authority is listed in the Trusted Root Certification Authorities certificate store.

    To avoid being challenged for the validity of the certificate, you must have the Certificate Authority listed in the Trusted Root Certification Authorities certificate store.

    You can check to see if the Certificate Authority is listed by doing the following on the index management server:

    1. Open the Certificates snap-in that you created in step 5 (Import the certificate to the Personal certificate store for the Local Computer).
    2. Expand the Certificates (Local Computer) node.
    3. Expand the Personal node, and then click Certificates.
    4. In the detail pane, double-click the client certificate that you imported.

      The Certificate dialog box appears.

    5. On the General tab, if there is a red circle with an X in it next to Certificate Information, the Certificate Authority is not listed in the Trusted Root Certification Authorities certificate store.

    If the Certificate Authority is not listed in the Trusted Root Certification Authorities certificate store, do the following on the index management server on which the index containing the content source that requires the certificate is located:

    1. Open the Certificates snap-in that you created in step 5 (Import the certificate to the Personal certificate store for the Local Computer).
    2. Expand the Certificates (Local Computer) node.
    3. Right-click Trusted Root Certification Authorities, point to All Tasks, and then click Import.
    4. On the Welcome to the Certificate Import Wizard page, click Next.
    5. On the File to Import page, specify the location of the certificate in the File name box, and then click Next.

      Note  The certificate must be a Personal Information Exchange type certificate (*.pfx).

    6. On the Password page, type the password for the certificate in the Password box, and then click Next.
    7. On the Certificate Store page, do the following:
      1. Click Place all certificates in the following store.
      2. In the Certificate store box, specify Trusted Root Certification Authorities.
      3. Click Next.
    8. On the Completing the Certificate Import Wizard page, click Finish.
    9. Click OK to close the message box.
  5. Specify permissions for the certificate.

    Use the Windows HTTP Services Certificate Configuration Tool (WinHTTPCertCfg.exe), which you can download, to specify permissions for a certificate. The tool enables the specified account to use the private key to access the Web site that you want to crawl.

    In the following procedure, use the configuration database administration account for DOMAIN\account.

    1. Download WinHTTPCertCfg.exe to the index management server on which the index containing the content source that requires the certificate is located.
    2. Open a command prompt.
    3. Navigate to the location of WinHTTPCertCfg.exe.
    4. Type WinHttpCertCfg.exe -g -c LOCAL_MACHINE\MY -s certificate_name -a DOMAIN\account and then press ENTER.
  6. Add a rule that includes or excludes content on the content index that you want to use a certificate for crawling.

    For more information, see Adding a Rule That Includes or Excludes Content.
  7. Start a full update of the content source.

    For more information, see Starting a Full Update of a Content Source.
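
The following PowerShell script is an added example, not part of the original procedure. It checks the results of steps 3 through 5 on the index management server: the unique "issued to" name, the presence of the private key, trust in the issuing Certificate Authority, and the accounts granted access to the private key. It assumes that Windows PowerShell is available on the server and that it is run from the folder that contains WinHttpCertCfg.exe; certificate_name is the same placeholder used in step 5.

```powershell
# Added example (not from the original page).
# Run as a local Administrator on the index management server.
$IssuedTo = 'certificate_name'   # placeholder: the "issued to" name passed to -s in step 5

$report = foreach ($cert in Get-ChildItem -Path Cert:\LocalMachine\My) {
    # Build the chain in the machine context, because the Local Computer store is used.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain($true)
    $chain.ChainPolicy.RevocationMode = 'NoCheck'   # test trust in the CA only, not revocation
    $trusted = $chain.Build($cert)
    [pscustomobject]@{
        IssuedTo      = $cert.GetNameInfo('SimpleName', $false)
        Thumbprint    = $cert.Thumbprint
        HasPrivateKey = $cert.HasPrivateKey
        ChainTrusted  = $trusted
        ChainStatus   = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','
        NotAfter      = $cert.NotAfter
    }
}

# Each client certificate used for crawling must have a unique "issued to" name.
$report | Group-Object IssuedTo | Where-Object { $_.Count -gt 1 } | ForEach-Object {
    Write-Warning "Duplicate 'issued to' name: $($_.Name) ($($_.Count) certificates)"
}

# The crawl certificate must carry its private key (.pfx import) and chain to a trusted root.
$mine = @($report | Where-Object { $_.IssuedTo -eq $IssuedTo })
if ($mine.Count -eq 0) { Write-Warning "No certificate issued to '$IssuedTo' in Local Computer\Personal." }
foreach ($c in $mine) {
    if (-not $c.HasPrivateKey) { Write-Warning "$($c.Thumbprint): no private key; import the .pfx file, not the .cer file." }
    if (-not $c.ChainTrusted)  { Write-Warning "$($c.Thumbprint): chain not trusted ($($c.ChainStatus))." }
}

# List the accounts that were granted access to the private key in step 5.
if (Test-Path .\WinHttpCertCfg.exe) {
    & .\WinHttpCertCfg.exe -l -c 'LOCAL_MACHINE\MY' -s $IssuedTo
}

$report | Format-Table IssuedTo, Thumbprint, HasPrivateKey, ChainTrusted, NotAfter -AutoSize
```

The account shown by the -l listing should be the configuration database administration account that was granted access with -g in step 5.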