Test Lab Guide: Demonstrating Forefront Identity Manager 2010 Certificate Management User Certificate Self-Service

Authored By: Bill Mathers

A downloadable version of this document is available at Test Lab Guide: Demonstrating Forefront Identity Manager 2010 Certificate Management User Certificate Self-Service.

Forefront Identity Manager 2010 Certificate Management user self-service allows domain users to log on to the FIM CM web portal and manage their own certificates. This registration model typically does not implement any manager intervention or approval. The user is the only one involved in the entire process: the user initiates the request and then executes the request.

In this model, the following process is implemented:

  1. A user initiates a certificate request.

  2. The user responds to data collection.

  3. The user executes the request and a certificate is issued.

Self Service Flow

This document will demonstrate how to enable this functionality in a test lab.

In This Guide

This guide contains instructions for setting up a test lab based on the Test Lab Guide: Demonstrating Forefront Identity Manager 2010 Certificate Management User Certificate Self-Service. This is achieved by configuring Forefront Identity Manager 2010 Certificate Management using the environment that was built out in the preceding test lab guides. The resulting Forefront Identity Manager 2010 Certificate Management User Certificate Self-Service test lab demonstrates and verifies user self-service.

Important

The following instructions are for configuring the Forefront Identity Manager 2010 Certificate Management User Certificate Self-Service test lab using a scaled-out deployment. That is, the FIM CM Portal and the FIM CM database will not be residing on the same server. Individual computers are needed to separate the services provided on the network and to clearly show the desired functionality. This configuration is neither designed to reflect best practices nor does it reflect a desired or recommended configuration for a production network. The configuration, including IP addresses and all other configuration parameters, is designed only to work on a separate test lab network. Attempting to adapt this Forefront Identity Manager 2010 Certificate Management User Certificate Self-Service test lab configuration to a pilot or production deployment can result in configuration or functionality issues. To ensure proper configuration and operation for your pilot or production Forefront Identity Manager 2010 Certificate Management deployment, use the information in Deployment (https://go.microsoft.com/fwlink/?LinkId=210866).

Test Lab Overview

In this test lab, Forefront Identity Manager 2010 Certificate Management User Certificate Self-Service is deployed with:

  • One preexisting server running the FIM CM Portal named FIMCM1.

  • One preexisting server running SQL Server® 2008 Enterprise with Service Pack 2, named APP1.

  • One preexisting server running Microsoft Exchange Server 2010 with Service Pack 1, named EX1.

  • One preexisting client running Windows® 7 Ultimate Edition named CLIENT1.

  • One preexisting server running Windows Server® 2008 R2 Enterprise Edition, named DC1.

The Forefront Identity Manager 2010 Certificate Management User Certificate Self-Service test lab uses the following subnet:

  • The intranet established by the Base Configuration Test Lab Guide, referred to as the Corpnet subnet (10.0.0.0/24).

Computers on each subnet connect using a hub or switch. See the following figure.

FIM CM Test Lab Guide Architecture

This test lab will guide you through the Forefront Identity Manager 2010 Certificate Management User Certificate Self-Service configuration process. The purpose of this test lab is to allow for the creation of a basic test lab environment that consists of Forefront Identity Manager 2010 Certificate Management User Certificate Self-Service.

Hardware and Software Requirements

There are no additional hardware or software requirements for this guide.

Steps for Configuring the Forefront Identity Manager 2010 Certificate Management User Certificate Self-Service Test Lab

There are seven steps to follow when setting up the Forefront Identity Manager 2010 Certificate Management User Certificate Self-Service test lab based on the Test Lab Guide: Demonstrating Forefront Identity Manager 2010 Certificate Management User Certificate Self-Service.

  • Step 1: Set up the Base Configuration—The Base Configuration is the core of all Test Lab Guide scenarios. The first step is to complete the Base Configuration.

  • Step 2: Set up the Exchange Server 2010 with Service Pack 1 TLG—The second step is to complete the Exchange Server 2010 with Service Pack 1 test lab guide. This provides Active Directory® attributes and e-mail functionality for FIM CM.

  • Step 3: Set up the SQL Server 2008 Enterprise with Service Pack 2 TLG—The third step is to complete the SQL Server 2008 Enterprise with Service Pack 2 test lab guide. This provides the database server for your FIM CM installation.

  • Step 4: Set up the Forefront Identity Manager 2010 TLG—The fourth step is to complete the Forefront Identity Manager 2010 test lab guide. This provides FIM to the test lab environment.

  • Step 5: Set up the FIM CM with Constrained Delegation, Update 1, and FIM TLG—The fifth step is to complete the FIM CM with Constrained Delegation, Update 1, and FIM test lab guide. This provides FIM CM to the test lab environment.

  • Step 6: Configure FIM CM for User Self-Service—The sixth step walks you through configuring FIM CM to enable user self-service.

  • Step 7: Verify Self-Service—The seventh step includes verifying that self-service is working successfully.

This guide provides steps for configuring the computers of the Forefront Identity Manager 2010 Certificate Management User Certificate Self-Service test lab. The following sections provide details about how to perform these tasks.