Symantec IGA

Expand all | Collapse all

Where do i need SSL Communication?

Jump to Best Answer
  • 1.  Where do i need SSL Communication?

    Posted 09-05-2016 11:36 AM

    Hello guys.

     

    Lets say I have the follwing architecture

     

    1- Connector Server

    1- IDM Server

    1- Provisioning Server

    1- Provisioning Directory Server

    1- Active Directory Server

     

    And i want to configure the CA IDM solution for provisioning on AD and password reset task.

     

    My questions are:

     

    1) What kind of certificate do i requiere for SSL communication?

    2) On which of the server do i need the certificate to be imported?

     

    Thanks in advanced



  • 2.  Re: Where do i need SSL Communication?

    Posted 09-05-2016 02:16 PM

    Hi JeanFranco

     

    The SSL certificate must be applied on the server where application server to IM is located and ActiveDirectory server connected to IM. And obviuosly on the server that is the certification authority within the enviroment of your organization.

     

    The SSL certificate must be created as a certificate server administrator and applied to path indicated in the documentación from trusted root certificates.

     

    how to create a SSL certificate you can consult on Microsft TechNet and this may be a Little different depending on the version of Windows server used by your organization

     

    I can share with you a guide from Microsoft but is associated with Windows server 2008 R2 and I do not kwon your server environment.



  • 3.  Re: Where do i need SSL Communication?

    Posted 09-05-2016 02:24 PM

    JeanFranco

     

    additionally you should be sure that your servers has 128bits cipher strength available



  • 4.  Re: Where do i need SSL Communication?
    Best Answer

    Posted 09-05-2016 02:47 PM

    JaeanFranco

     

    Sorry I was thinking of a single-server architecture (IDM server and provisioning server together). In a distributed architecture SSL certified must be on the provisioning server.