33.8 Finishing 64-bit Webgate Installation

You can complete installation of a 64-bit Webgate. Then confirm the installation on IIS and implement Windows impersonation.

You can skip this section if you are installing a 32-bit Webgate. In this case, see instead, "Completing Webgate Installation with IIS".

Before you start tasks here, be sure that you have completed Webgate installation according to information in Registering and Managing 10g WebGates with Access Manager 11g. You must also have completed Web server configuration updates for this Webgate either automatically during Webgate installation or manually, as described in "Webgates for IIS v6".

Task overview: Finishing the installation of a 64-bit Webgate:

  1. Perform steps in "Setting Access Permissions, ISAPI filters, and Directory Security Authentication".
  2. Enable client certificates, if desired. See "Setting Client Certificate Authentication".
  3. When finished, you can:

33.8.1 Setting Access Permissions, ISAPI filters, and Directory Security Authentication

Unless explicitly stated, this topic applies equally to 32-bit and 64-bit Webgates. It describes setting access permissions for the Web site that you are using as a default.

To set or confirm access Permissions, ISAPI filters, and Directory Security Authentication:

  1. Start the Internet Service Manager. For example, from the Start menu click Programs then click Administrative Tools, and click Internet Service Manager.

  2. Expand the local computer by clicking +, in the left panel.

  3. Click to expand the Web Sites tab.

  4. Right-click Default Web Site (or the site you are using as a default), and create a virtual directory as described in "Protecting a Web Site When the Default Site is Not Setup".

  5. Right-click Web Sites in the Internet Information Services tab, click Properties, and perform the following steps:

    1. From the Internet Information Services tab, click the Edit button.

    2. Locate the ISAPI filter tab to confirm (or add) the filter DLLs, as follows:

      Filter: If you updated the IIS Web server configuration file, webgate.dll should be properly located.

      No Filter: Add the webgate.dll filter from Webgate_install_dir\oblix\access\apps\webgate\bin\webgate.dll

    3. Save and apply any changes.

    4. Click the Directory Security tab and confirm that both Anonymous Access and Basic Authentication are selected.

      Selected: Proceed to Step 6.

      Not Selected: Select Anonymous Access and Basic Authentication, then save and apply these changes.

  6. Proceed as follows:

33.8.2 Setting Client Certificate Authentication

This task is optional and should be performed only if you want to use client certificate authentication. In this case, IIS and Webgate must be SSL-enabled.

Information in this topic is a sub set of details in "Enabling Client Certificate Authentication on the IIS Web Server".

To add cert+authn.dll as an ISAPI filter:

  1. Start the Internet Information Services console, if needed: Click Start, Programs, Administrative Tools, Internet Service Manager.

  2. Expand the local computer to display your Web Sites.

  3. Right-click the Default Web Site (or the Web site that you use as a default), then expand \access\oblix\apps\webgate\bin.

  4. Right click cert_authn.dll and select Properties, then:

    1. In the Properties panel, select the File Security tab.

    2. In the Secure Communications sub-panel, click Edit.

    3. In the Client Certificate Authentication sub-panel, click Accept Certificates and click OK.

    4. Click OK in the Secure Communications panel.

    5. Click OK in the cert_authn.dll Properties panel.

  5. Click the ISAPI Filters tab, click the Add button to display the Filter Properties panel, and then:

  6. Ensure the filters are listed in the correct order, as described in "Ordering the ISAPI Filters".

  7. Proceed to "Confirming Webgate Installation on IIS".