Partner Applications with IIS
Creating a user
- Open the Computer Management program and add a new user to run the web application. (Start > Control Panel > Administrative Tools > Computer Management)
- Go to Local Users and Group > Users > right click to add New Users and name it. Create a strong password and set it to not expire.
The user should have the minimum access required to run your site.
Configure the certificate snap-in
You will need to configure the certificate snap-in if you have not already done this.
- Start > Run > MMC
- File > Add/Remove Snap-in
- Select Certificates and click Add
- Select Computer Account in the pop-up dialog and click Next button.
- Select Local Computer in the dialog and click Finish button.
- Click OK in the Add or Remove Snap-ins dialog.
Installing the Certificates
You will need your self signed certificate and the Xero Entrust Certificate. Both of these are installed into the Personal folder.
- Open the Certificates (Local Computer) > Personal > Certificates node.
- Right click in the middle pane and select All Task > Import…
- Click Next at the Welcome to the Certificate Import Wizard
- Select the file for the certificate. If you are not prompted to the enter password, you have probably selected a .cer file by mistake. Click Next to continue.
- Set the imported certificate to be exportable. (This is not strictly needed but can help on Windows 7)
- Click Next to verify that the certificate will be placed in the Personal certificate store.
- Click Finish to complete the operation.
- Repeat steps 1-7 for your self signed certificate.
There should now be three extra certificates in the personal store.
Secure the certificates
- Right click a certificate and select All Tasks > Manage Private Keys…
- Select the user you created earlier and give it full control to the certificate.
- Repeat steps 1-2 for the other two certificates.
- Move the Commercial Private Sub CA1 certificate and your self signed certificate to the Trusted Root Certificate Authorities. You can drag and drop in the UI.
Application Pool creation
- Using IIS Manager, create an application pool for your partner application and assign the new user to it.
- Use Advanced Settings… To set the Identity for the application pool to be the user you created earlier.
- Select a Custom account
- Enter the name and password for your user. There is not a way to browse for the user.
- Create a web site in IIS and set the application pool to be the one you just created above.
- Set all other values as appropriate for your site.
Everything should now be ready for your partner application to connect to Xero.