Setting Permissions for the CMS Server Service Account
The CMS Server service account must have these rights to perform the following tasks:
- Issue and manage certificates
- Request certificates, and
- Use Enrollment Agent certificates.
To set permissions for the WildFly service account, complete the following steps.
- Open a DOS Command Prompt window.
- Enter MMC and press Enter to open the Microsoft Management Console.
- On the File menu, click Add/Remove Snap-in.
- In the Add Standalone Snap-in window, click Certification Authority, and then click Add.
- Click Finish, then Close, and then OK.
- In the console tree, expand Certification Authority, right-click the CA to which you want to set permissions, and then click Properties.
  Note: The following illustrations are for Microsoft Windows 2008 and Windows 2012.
- In Properties, select the Security tab.
- Click Add. The Select Users, Computers, Service Accounts, or Groups dialog is displayed.
- Click Locations.
- Highlight the name of the local computer or domain to which the user belongs.
- Click OK.
- In the Enter the object names to select text box, enter the object name.
  (Optional) If you do not know the user’s name, click Advanced, and then click Locations. Under Location, click the name of the local computer or domain to which the user belongs, and then click OK. Under Search results, click Find Now, click the user’s name, and then click OK. The name of the local computer or domain to which the user belongs appears in the Enter the object name to select text box.
- Click Check Names. This displays the name of the local computer or domain to which the user belongs in the text box, as illustrated next.
- Click OK to add the user name to the Group or user names list in the Properties window, as illustrated next.
- In the Permissions for <CMS Server User> list (2008/2012), in the Allow column, select the Issue and Manage Certificates and Request Certificates options (as illustrated on this page).
- Click OK.
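To confirm the result of the steps above without the GUI, the following PowerShell reads the CA's security descriptor and reports which rights the service account holds directly. It is an added example, not part of the original procedure or the product's own tooling. Assumptions: `EXAMPLE\svc-cms` is a placeholder account name, the script runs elevated on the CA host, and the CA stores its ACL in the `Security` value under its `CertSvc\Configuration` registry key.

```powershell
# Added example: audit the CA ACL for the CMS Server service account.
# Run in an elevated PowerShell session on the CA host.
$Account = 'EXAMPLE\svc-cms'   # placeholder: replace with the real service account

# CA access-mask bits as defined in certsrv.h
$Rights = [ordered]@{
    'Manage CA'                     = 0x001   # CA_ACCESS_ADMIN
    'Issue and Manage Certificates' = 0x002   # CA_ACCESS_OFFICER
    'Read'                          = 0x100   # CA_ACCESS_READ
    'Request Certificates'          = 0x200   # CA_ACCESS_ENROLL
}
# The two rights this procedure selects in the Allow column
$Required = 'Issue and Manage Certificates', 'Request Certificates'

# Locate the active CA and load its binary security descriptor from the registry.
$cfg    = 'HKLM:\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration'
$caName = (Get-ItemProperty -LiteralPath $cfg -Name Active).Active
$bytes  = (Get-ItemProperty -LiteralPath (Join-Path $cfg $caName) -Name Security).Security
$sd     = New-Object System.Security.AccessControl.RawSecurityDescriptor -ArgumentList $bytes, 0

# Collect rights from Allow ACEs that name the account directly.
# Rights inherited through group membership are not evaluated here.
$granted = @()
foreach ($ace in $sd.DiscretionaryAcl) {
    if ($ace.AceQualifier -ne 'AccessAllowed') { continue }
    try   { $who = $ace.SecurityIdentifier.Translate([System.Security.Principal.NTAccount]).Value }
    catch { $who = $ace.SecurityIdentifier.Value }   # unresolvable SID: keep the raw SID
    if ($who -ne $Account) { continue }
    $granted += $Rights.Keys | Where-Object { $ace.AccessMask -band $Rights[$_] }
}
$granted = @($granted | Select-Object -Unique)

# Compare against what the procedure grants; anything else is worth a review.
$missing = @($Required | Where-Object { $granted -notcontains $_ })
$extra   = @($granted  | Where-Object { $Required -notcontains $_ -and $_ -ne 'Read' })

"CA: $caName   Account: $Account"
"Granted directly: $($granted -join ', ')"
if ($missing) { "MISSING: $($missing -join ', ')" }
if ($extra)   { "Beyond what this procedure grants: $($extra -join ', ')" }
```

A `Manage CA` entry in the last line means the account can change CA configuration, which the steps above do not call for.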