3 install the ssl server certificate, Install the ssl server certificate – Acronis Access Advanced - Administrator's Guide User Manual
Page 101
101
Copyright © Acronis International GmbH, 2002-2014
HTTP authentication:
Basic authentication - The user enters a username and password which the TMG server validates
against the specified authentication server.
Digest and WDigest authentication - Has the same features as the Basic authentication but
provides a more secure way of transmitting the authentication credentials.
Integrated windows authentication - Uses the NTLM, Kerberos, and Negotiate authentication
mechanisms. These are more secure forms of authentication because the user name and
password are hashed before being sent across the network.
Forms-based authentication:
Password form - Prompts the user to enter a username and a password.
Passcode form - Prompts the user to enter a username and a passcode.
Passcode and Password form - Prompts the user to enter a username/password combination and
a username/passcode combination.
Client certificate authentication
When users make a request for published resources, the client certificate sent to Forefront TMG is
passed to a domain controller, which determines the mapping between certificates and accounts.
The certificate must be matched to a user account.
Note: Client certificate authentication is not supported for authenticating outbound Web requests.
Info: For more information on TMG authentication, please visit these sites:
http://technet.microsoft.com/en-us/library/cc441695.aspx
http://technet.microsoft.com/en-us/library/cc441713.aspx
5.4.3 Install the SSL Server Certificate
Request and install an SSL certificate using the FQDN for each Gateway server you want to publish via
TMG in order to prevent DNS spoofing. You need to install the root SSL certificates on the TMG
computer. These certificates should match the FQDN of each published server.
Follow the steps bellow to import a certificate to the TMG computer:
1. On the TMG computer, click Start, type mmc, and then press Enter or click OK.
2. 2. Click the File menu and then click Add/Remove Snap-in or press Ctrl+M. Under Available
Snap-ins, click Certificates and then click Add.
3. Select Computer Account and then click Next, click Local Computer and then click Finish.
4. Click OK in the Add Or Remove Snap-ins dialog box.
5. Expand Certificates (Local Computer), then expand Personal, and then expand Certificates.
6. Right-click the Certificates node, select All Tasks, and then select Import... .
7. The Welcome To The Certificate Import Wizard page appears. Click Next.
8. On the File To Import page, type the certificate location.
9. On the Password page, type the password provided by the entity that issued this certificate.
10. On the Certificate Store page confirm that the location is Personal.
11. The Completing The Certificate Import Wizard page should appear with a summary of your
selections. Review the page and click Finish.