MOSS Forum


Exporting certificate and using it with ID to run Crawl

  Asked By: Emanuel    Date: Aug 19    Category: MOSS    Views: 1177

Been battling this for a long time and was wondering about this:

I have CAC enabled portals on which it is mandatory the CAC enabling
stay on. What I do now to crawl is turn off the CAC enabling one
weekend a month and crawl. The reason I have to do this is that we
cannot generate admin certs since they are service accounts and only
certs for real people can be created (policy dictates this, not
reality ;) ). I was wondering, what if I export my ID Cert and import
it into the server cert DB. Then I set my account to be the account
that runs the crawls. Does anyone think this would work?



5 Answers Found

Answer #1    Answered By: Kristie Hardy     Answered On: Aug 19

First, if Common Access Card (CAC) smartcard authentication is required and you
turn it off once a month, you are violating policy.
Second, if your network is requiring CAC authentication, access to the internal
portals is already CAC enabled since SharePoint uses IIS for authentication. If
you have an alternate URL configured for external access via https://FQDN/ then
you can configure that web site to require client certificates and map to Active

Answer #2    Answered By: Faith Delgado     Answered On: Aug 19

Ok, I must be missing something. How does this answer my question
or help me crawl my content to keep my indexes up to date?

Answer #3    Answered By: Alisha Itagi     Answered On: Aug 19

The account used by the crawler is given read access throughout all the
applications associated with that SSP. I normally do not recommend that
account be one that is used as a logon account. It does not have to be
an admin. Could you create a user account and not call it a service

Answer #4    Answered By: Judy Pittman     Answered On: Aug 19

I wish I could. The whole reason I haven't tried the other method yet
is because I agree with you. I don't think, and never have, that
using a logon account to run a service is correct. The service
account definitely has access but it is being denied that access
because it does not have a certificate.

BTW - I didn't mention that it is SPS 2003.

Answer #5    Answered By: Christian Waters     Answered On: Aug 19

Don't require client certificates on the IIS and use NTLM Authentication.
