Partner Applications with IIS

Creating a user

  1. Open the Computer Management program and add a new user to run the web application. (Start > Control Panel > Administrative Tools > Computer Management)
  2. Go to Local Users and Groups > Users, right-click and select New User…, then name the account. Create a strong password and set it to not expire.

The user should have the minimum access required to run your site.

Configure the certificate snap-in

You will need to configure the certificate snap-in if you have not already done this.

  1. Start > Run > MMC
  2. File > Add/Remove Snap-in
  3. Select Certificates and click Add
  4. Select Computer Account in the pop-up dialog and click the Next button.
  5. Select Local Computer in the dialog and click the Finish button.
  6. Click OK in the Add or Remove Snap-ins dialog.

Installing the Certificates

You will need your self-signed certificate and the Xero Entrust Certificate. Both of these are installed into the Personal folder.

  1. Open the Certificates (Local Computer) > Personal > Certificates node.
  2. Right-click in the middle pane and select All Tasks > Import…
  3. Click Next at the Welcome to the Certificate Import Wizard page.
  4. Select the file for the certificate. If you are not prompted to enter the password, you have probably selected a .cer file by mistake. Click Next to continue.
  5. Set the imported certificate to be exportable. (This is not strictly needed but can help on Windows 7)
  6. Click Next to verify that the certificate will be placed in the Personal certificate store.
  7. Click Finish to complete the operation.
  8. Repeat steps 1-7 for your self-signed certificate.

There should now be three extra certificates in the Personal store.

Secure the certificates

  1. Right-click a certificate and select All Tasks > Manage Private Keys…
  2. Select the user you created earlier and give it Full Control over the certificate's private key.
  3. Repeat steps 1-2 for the other two certificates.
  4. Move the Commercial Private Sub CA1 certificate and your self-signed certificate to the Trusted Root Certification Authorities store. You can drag and drop in the UI.
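
To check the result of these steps from an elevated PowerShell prompt, the following added example (not part of the original guide) reports which accounts can read each private key in the Local Computer Personal store. The account name xero-partner-svc is a hypothetical placeholder, and the names in $tooBroad assume an English-language Windows installation.

```powershell
# Added example: audit who can read the private keys in Cert:\LocalMachine\My.
# Hypothetical account name; replace it with the user you created earlier.
$AppPoolUser = "$env:COMPUTERNAME\xero-partner-svc"

# Machine private-key files live in one of these folders, depending on provider.
$keyDirs = @(
    "$env:ProgramData\Microsoft\Crypto\RSA\MachineKeys",  # legacy CSP keys
    "$env:ProgramData\Microsoft\Crypto\Keys"              # CNG keys
)
# Broad principals that should not hold an Allow entry on a private key.
$tooBroad = 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users'

# Return the on-disk file name of a certificate's RSA private key, or $null.
function Get-KeyFileName($cert) {
    try {
        $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
    } catch { return $null }   # key missing or not readable by the caller
    if ($rsa -is [System.Security.Cryptography.RSACng]) { return $rsa.Key.UniqueName }
    if ($rsa -is [System.Security.Cryptography.RSACryptoServiceProvider]) {
        return $rsa.CspKeyContainerInfo.UniqueKeyContainerName
    }
    return $null               # non-RSA key
}

Get-ChildItem Cert:\LocalMachine\My | Where-Object HasPrivateKey | ForEach-Object {
    $cert = $_
    $name = Get-KeyFileName $cert
    $file = $null
    if ($name) {
        $file = $keyDirs | ForEach-Object { Join-Path $_ $name } |
                Where-Object { Test-Path $_ } | Select-Object -First 1
    }
    if (-not $file) { Write-Warning "$($cert.Subject): key file not found"; return }

    # Only Allow entries matter for "who can read this key".
    $rules = (Get-Acl $file).Access | Where-Object AccessControlType -eq 'Allow'
    [pscustomobject]@{
        Subject              = $cert.Subject
        Thumbprint           = $cert.Thumbprint
        AppPoolUserHasAccess = [bool]($rules | Where-Object { $_.IdentityReference.Value -ieq $AppPoolUser })
        BroadAccess          = ($rules | Where-Object { $tooBroad -contains $_.IdentityReference.Value }).IdentityReference.Value -join ', '
        AllowedIdentities    = ($rules.IdentityReference.Value | Sort-Object -Unique) -join ', '
    }
} | Format-List
```

AppPoolUserHasAccess only detects an entry granted directly to the account, not access inherited through group membership. A non-empty BroadAccess value means the key is readable by more than the application pool user and administrators.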

Application Pool creation

  1. Using IIS Manager, create an application pool for your partner application and assign the new user to it.
  2. Use Advanced Settings… to set the Identity for the application pool to be the user you created earlier.
  3. Select a Custom account.
  4. Enter the name and password for your user. There is no way to browse for the user.
  5. Create a web site in IIS and set the application pool to be the one you just created above.
  6. Set all other values as appropriate for your site.

Everything should now be ready for your partner application to connect to Xero.