Symantec Access Management

Tech Tip : CA Single Sign-On : CA directory 14 set up 

  • 1.  Tech Tip : CA Single Sign-On : CA directory 14 set up 

    Posted 06-18-2018 08:07 AM

    Question:


    I am setting up CA directory as Policy Store.

    I am using the CA Dir 14 and using management Ui for creating DSA, it says to add certs.

    Which certificates do I need to paste here ?

     

    Answer:

     

    On the Agent where you've installed a dxagent, you have to find the
    certificates :

    $DXHOME/dxagent/openssl-ca/CA/certs/ca.pem
    $DXHOME/dxagent/openssl-ca/out/[Client Cert Name].pem

    and the key

    $DXHOME/dxagent/openssl-ca/out/{agent name set during dir install}.key

    This next one should be set in your browser which will access the
    host :

    $DXHOME/dxagent/openssl-ca/out/[Client Cert Name].p12

    If there's no certificate on your dxagent, you can create them using

    $DXHOME/dxagent/setup_dxagent.[sh|bat]

    A host or a dxagent are 2 different terms for the same concept. As per
    doc :

    "A host or dxagent is a single computer with CA Directory installed
    on it."

    You have defined an Environment where you'll set more than 1 dxagent
    (hosts). On the host you define will correspond to the DSA. So in the
    environment, you'll see the status of all of them.

    As connections to all the dxagent are done in SSL, so each dxagent
    (host) should have its certificates.

     

    Additional Information:

     

    Manage Environments
    https://docops.ca.com/ca-directory/14-0/en/administrating/using-directory-management-ui/manage-environments-and-hosts


    KB : KB000102339