Configure IIS to require a client certificate

After you configure IIS as a secure reverse proxy, you configure IIS to work with a client certificate.

To configure IIS to work with a client certificate:

  1. In SSL Settings for your website,configure IIS to require a client certificate.

  2. In IIS Manager, select your server farm, click Proxy, and enable Reverse rewrite host in response headers.Also, review the value in Forward encoded client certificate in the following header. This is the name of the header that OpenText Application Quality Management will use to authenticate. The ALM default value is CERT. You can set the value to CERT, or leave the value as is.

    Note: If the value is not CERT, you must set the EXTERNAL_AUTH_CERT_HEADER_NAME site parameter to match the value in Forward encoded client certificate in the following header.

  3. Restart IIS so it will read the configuration.

  4. Verify that IIS accepts your smart card certificate.

    Go to https://<webserver>:<securePort>/qcbin. Make sure the OpenText Application Quality Management home page opens after you provide your smart card certificate.

    Note: The web server name must be in FQDN (fully qualified domain name) format when using a secure connection.