Creating secure web sites

Active Directory Federation Services (AD/AD FS) authentication requires the https protocol instead of http. Consequently, the website that hosts the Optiva application (for example, Default Web Site) requires a Secure Sockets Layer (SSL) certificate. This SSL certificate is what allows clients to treat the website as trusted.

There are two types of SSL certificates:

  • CA certificates are provided by a third party and can be imported to IIS.
  • Self-signed certificates can be created manually in IIS or they can be imported to IIS.

If the Active Directory Federation Services and FsOptivaWeb servers differ, create the self-signed certificate on the Active Directory Federation Services server, and then import it to the FsOptivaWeb server.

As a final step, you must edit the site bindings in IIS to include the https type and the SSL certificate.

When users try to launch Optiva, they might receive an untrusted security certificate error. In this case, verify that you have placed the certificate in the Trusted Root Certification Authorities store.
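The following PowerShell sketch walks through the steps above for the single-server, self-signed case: create the certificate, add the https binding, and place the certificate in the Trusted Root Certification Authorities store. It is an added example, not part of the Infor documentation; the host name `optiva.example.local`, port 443 and the temporary file name are assumptions, and it must run in an elevated session on the IIS server.

```powershell
# Added example (not from the product documentation).
# Assumed values: $dnsName, $port and the .cer file name are placeholders.
Import-Module WebAdministration

$siteName = 'Default Web Site'        # site named in the text above
$dnsName  = 'optiva.example.local'    # assumed host name users browse to
$port     = 443                       # assumed https port

# Refuse to touch a site that already has an https binding on this port,
# so an existing certificate assignment is never silently replaced.
if (Get-WebBinding -Name $siteName -Protocol 'https' -Port $port) {
    throw "An https binding on port $port already exists for '$siteName'."
}

# 1. Create the self-signed certificate in the machine's Personal store.
#    The subject name must match the host name in the URL, or browsers
#    report a name mismatch even when the certificate is trusted.
$cert = New-SelfSignedCertificate -DnsName $dnsName `
    -CertStoreLocation 'Cert:\LocalMachine\My'

# 2. Edit the bindings: add the https type and attach the certificate.
New-WebBinding -Name $siteName -Protocol 'https' -Port $port -IPAddress '*'
$binding = Get-WebBinding -Name $siteName -Protocol 'https' -Port $port
$binding.AddSslCertificate($cert.Thumbprint, 'My')

# 3. Export only the public certificate (no private key) and place it in
#    the Trusted Root Certification Authorities store.
$cerPath = Join-Path $env:TEMP 'optiva-selfsigned.cer'
Export-Certificate -Cert $cert -FilePath $cerPath | Out-Null
Import-Certificate -FilePath $cerPath `
    -CertStoreLocation 'Cert:\LocalMachine\Root' | Out-Null

# 4. Verify the two conditions behind the "untrusted certificate" error:
#    the certificate is in the Root store and validates for SSL use.
$inRoot = [bool](Get-ChildItem 'Cert:\LocalMachine\Root' |
    Where-Object { $_.Thumbprint -eq $cert.Thumbprint })
$valid  = Test-Certificate -Cert $cert -Policy SSL -DNSName $dnsName

[pscustomobject]@{
    Thumbprint  = $cert.Thumbprint
    InRootStore = $inRoot
    ValidForSsl = $valid
    Expires     = $cert.NotAfter
}
```

The exported `.cer` file contains no private key, so it is the file to distribute to other machines that must trust the site. Moving the certificate together with its private key to a different server requires a password-protected PFX (`Export-PfxCertificate` / `Import-PfxCertificate`) instead.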

For more information about certificates, see the Infor Federation Services documentation, which is available on the Infor Support Portal.