Skip to main content
Deploy the Microsoft IIS service in CryptoHub first. This service’s role owns the key store where the TLS key pair is generated and holds the certificate you issue through PKI Management; you grant that role Use on the key and certificate later. The client endpoint you add to this service (next section) installs the FXCL CNG provider on the IIS server and authenticates it back to this service.
Deploy the Microsoft IIS service template, which drives the libfxcl-cng.dll install and grants the role the certificate and key permissions this integration needs. Note the role name assigned to the service during deployment; you reference it when you create the container, key store, and certificate in Create and export the key and certificate on the CryptoHub.
Complete the following steps to deploy the service in CryptoHub:
1
Log in to the CryptoHub under dual control using your administrator identities.
2
Select the Microsoft IIS service and select [ Deploy ].
3
Configure the following Service Setup settings:
  • Service Name: The name of the application. Leave as default.
  • Service Category: The category the service falls under. Leave as default.
Select [ Next ].
4
Configure the following Access Control settings:
  • Authorized Resources: The role you are logged in with has access to the service by default.
  • Add Additional Resources: Optional.
Select [ Next ].
5
Configure the following Service Info setting:
  • Authentication Mechanism: Leave it set to the default authentication mechanism.
Select [ Deploy ].
The Microsoft IIS service is deployed and visible in CryptoHub, with a role assigned to it. Note the role name; you grant it Use on the key and certificate.
Continue to Install and configure FXCL CNG to add a client endpoint to this service and install the provider on the IIS server.