The following configuration information is for signed approvals using PKCS12. Obtain a certificate and private key, and then export them to a PKCS#12 keystore. For example, if using a Microsoft CA, you would follow steps similar to these:
Identity Manager now requires at least JRE 1.5.
Using Internet Explorer, browse to http://IPAddress/certsrv and log in with administrative privileges.
Select Request a certificate, and then click Next.
Select Advanced request, and then click Next.
Select User for Certificate Template.
Select these options:
Click Submit, and then click OK.
Click Install this certificate.
Select Run -> mmc to launch mmc.
Add the Certificate snap-in:
Select Console -> Add/Remove Snap-in.
Select Computer account.
Click Next, and then click Finish.
Go to Certificates -> Personal -> Certificates.
Right-click Administrator All Tasks -> Export.
Click Next to confirm exporting the private key.
Provide a password, and then click Next.
Click Next, and then click Finish. Click OK to confirm.
Note the information that you use in step 10l (password) and 10m (certificate location) of the client-side configuration. You will need this information to sign approvals.