Certificate Request

Overview

This document outlines the process to request and import a Gallup certificate that can be used to access the certificate-based endpoints on the OMS WCF web services. This means:

  1. You want to access our “DIACAP” WCF web services, or, in other words, our services that require heightened security using X.509 certificates.
  2. You need to know how to get the required certificate to access these services.

It is important to note that if you do not have a current OMS WCF username, you will need to request one from the OMS team. This username is used to identify your application to OMS and to authorize your application's account.

Create WCF Certificate Request

  1. In the “Run” window (Windows Key + R), type “MMC” and click “OK” to start the Microsoft Management Console. (Allow the program to run as administrator.)
  2. Click the “File” menu and select “Add/Remove Snap-in…”.
  3. Select “Certificates” and click “Add”. (This will bring up a wizard.)
  4. Select “Computer Account” and click “Next” and then “Finish” on the next screen.
  5. Click “OK” on the “Add/Remove Snap-ins” window.
  6. Expand the “Certificates” node and then the “Personal” node (left side).
  7. Right click on the “Certificates” folder under the “Personal” folder and select “All Tasks” -> “Advanced Operations” -> “Create Custom Request…” (This will bring up the “Certificate Enrollment” window).
  8. Click “Next”.
  9. Click “Next” (Select Certificate Enrollment Policy page).
  10. On the “Custom request” page, click on the drop-down for the “Template”, select “Web Server”, and then click “Next”.
  11. On the “Certificate Information” page:
    1. Click “Details” on the “Web Server” entry in the “Active Directory Enrollment Policy” list.
    2. Click on the “Properties” button.
    3. In the “Subject Name” section, click the “Type” drop-down and select “Common name”.
    4. In the “Value” field, enter the WCF username you use to connect to the OMS WCF services.
    5. Click “Add”.
    6. Click “OK”.
  12. Click “Next” (Certificate Information page).
  13. Specify a location and file name for your request.
  14. Click “Finish”.
  15. Send the file by email to Don Plowman. He will then send you a certificate that you can import.

Import WCF Certificate

After receiving the certificate created by Don Plowman from the “Create WCF Certificate Request” section above, you must import the certificate into your certificate (key) store. The instructions below start after you have started the “Microsoft Management Console” and added the “Certificates” snap-in (see steps 1 – 5 in the “Create WCF Certificate Request” section).

  1. Right click on the “Certificates” folder under the “Personal” folder, which is under the “Certificates (Local Computer)” node in the tree, and select “All Tasks” and then “Import…”.
  2. Click “Next” on the welcome page.
  3. Browse to the certificate that you received from Don Plowman and click “Next”.
  4. Click “Next” on the Certificate Store page.
  5. Click “Finish”.

Grant Access to Certificate

Very few users have access to the private key of the certificate imported above. In fact, not even IIS has access to it. Perform the following steps for each user that needs access to the certificate. Typically, these users would be the IIS user (as shown below) or your user. If you add your user, then you will not have to run applications (outside of IIS) as administrator.

Note: The instructions below start after you have started the “Microsoft Management Console” and added the “Certificates” snap-in (see steps 1 – 5 in the “Create WCF Certificate Request” section).

  1. Right click on the certificate imported in the section “Import WCF Certificate” and select “All Tasks” -> “Manage Private Keys…”.
  2. Click “Add…” to add another user.
  3. Click on the “Locations…” button and select your computer name.
  4. Enter the user you want to have access to the certificate and click “Check Names”. This should resolve the user and not pull up another dialog box. For the IIS user, enter “IIS AppPool\ASP.NET v4.0”.
  5. Click “OK”.
  6. Click “OK”.
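
A scripted check of the import and grant steps above, added here as an example and not part of the original page. It confirms that the certificate in the Local Computer “Personal” store carries a private key (it will not if it was imported on a machine other than the one that created the request) and that the account from step 4 can read that key. `$WcfUserName` is a placeholder and the helper function names are made up for this example; run it in an elevated PowerShell session.

```powershell
# Added example (not from the original page). Run elevated.
# Assumptions: $WcfUserName is a placeholder for your OMS WCF username;
# $Account is the IIS identity named in step 4 above.
$WcfUserName = 'YOUR-WCF-USERNAME'
$Account     = 'IIS AppPool\ASP.NET v4.0'

function Get-PrivateKeyFile {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($Cert)
    if ($null -eq $rsa) { return $null }
    # CNG keys expose the key file name via Key.UniqueName,
    # legacy CSP keys via CspKeyContainerInfo.
    if ($rsa -is [System.Security.Cryptography.RSACng]) {
        $name = $rsa.Key.UniqueName
    } else {
        $name = $rsa.CspKeyContainerInfo.UniqueKeyContainerName
    }
    # Machine keys live in one of these directories, depending on the provider.
    foreach ($dir in 'Keys', 'RSA\MachineKeys') {
        $path = Join-Path $env:ProgramData "Microsoft\Crypto\$dir\$name"
        if (Test-Path -LiteralPath $path) { return $path }
    }
}

function Test-KeyReadAccess {
    param([string]$KeyFile, [string]$Account)
    $read  = [System.Security.AccessControl.FileSystemRights]::Read
    $rules = (Get-Acl -LiteralPath $KeyFile).Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $_.IdentityReference.Value -eq $Account -and
        ($_.FileSystemRights -band $read) -eq $read
    }
    [bool]$rules
}

# One row per certificate whose common name matches the WCF username.
Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.GetNameInfo('SimpleName', $false) -eq $WcfUserName } |
    ForEach-Object {
        $keyFile = if ($_.HasPrivateKey) { Get-PrivateKeyFile $_ }
        [pscustomobject]@{
            Thumbprint     = $_.Thumbprint
            NotAfter       = $_.NotAfter
            HasPrivateKey  = $_.HasPrivateKey
            KeyFile        = $keyFile
            AccountCanRead = if ($keyFile) { Test-KeyReadAccess $keyFile $Account } else { $false }
        }
    }
```

No output means no certificate with that common name is in the store; `HasPrivateKey` or `AccountCanRead` showing `False` points back to the import or grant steps respectively.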

© Gallup, Inc. All Rights Reserved. All information contained on this site is the property of Gallup and contains proprietary trade secrets of Gallup. This information is confidential and protected under the confidentiality agreements signed by each Gallup employee, and is to be used solely by Gallup employees in the performance of their responsibilities. None of the information contained in this site is to be copied, viewed, forwarded, downloaded or shared outside of Gallup without permission.
