Chapter 8: Device Management156Enabling the AKC Download Server Certificate ValidationIf you are using the AKC client, you can choose to use the Enable AKCDownload Server Certificate Validation feature or opt not to use thisfeature.Note: When operating in IPv4 and IPv6 dual stack mode with 'EnableAKC Download Server Certificate Validation' feature, Microsoft®ClickOnce® requires that the server certificate CN should not contain azero compressed form of IPv6 address.If it does you will not be able to successfully download and launch AKC.However, this may conflict with browser preferences for the form of theIPv6 address.Use the server hostname in the common name (CN) or includecompressed and uncompressed forms of the IPv6 address in thecertificate's Subject Alternative Name.Option 1: Do Not Enable AKC Download Server CertificateValidation (default setting)If you do not enable AKC Download Server Certificate Validation, allDominion device users and CC-SG Bookmark and Access Client usersmust: Ensure the cookies from the IP address of the device that is beingaccessed are not currently being blocked. Windows Vista, Windows 7 and Windows 2008 server users shouldensure that the IP address of the device being accessed is includedin their browser's Trusted Sites Zone and that Protected Mode is noton when accessing the device.Option 2: Enable AKC Download Server Certificate ValidationIf you do enable AKC Download Server Certificate Validation: Administrators must upload a valid certificate to the device orgenerate a self-signed certificate on the device. The certificate musthave a valid host designation. Each user must add the CA certificate (or a copy of self-signedcertificate) to the Trusted Root CA store in their browser. When using CC-SG neighborhoods, you must enable AKC on eachneighborhood member.To install the self-signed certificate when using Windows Vista®operating system and Windows 7® operating system:1. Include the KX II IP address in the Trusted Site zone and ensure'Protected Mode' is off.