Symantec IGA

View Only

Back to Library

How to configure an SSL connection to Provisioning Server from Identity Manager

Recommend

Aug 29, 2016 12:24 PM

Anon Anon

Summary:

This document will walk you through configuring SSL to the Provisioning Server from Identity Manager.

Instructions:

Provisioning Server Certificate Location:

[Provisioning Server install dir]/data/tls/server/eta2_servercert.pem

======================
Example Configuration:
======================

Navigate to java installation location:
cd Java\jdk1.7.0_75\bin

Execute the following:

keytool -keystore "C:\Program Files\Java\jdk1.8.0_72\jre\lib\security\cacerts" -import -file "C:\Program Files (x86)\CA\Identity Manager\Provisioning Server\data\tls\server\eta2_servercert.pem" -trustcacerts -alias CAServTrusted

Shutdown and then start your application server backup.

======================
Next Steps:
======================

Connect to the CA Identity Manager Management Console > Directories.

Export out your provisioning directory xml.

Make the following changes to the "secure" and "port":

Statistics

0 Favorited

11 Views

0 Files

0 Shares

0 Downloads

Tags and Keywords

Comments

Stephan vanBeerschoten

Feb 22, 2017 10:00 AM

Can you add a note or two on how/when this imported SSL certificate may change? I assume it has a predetermined lifetime, and needs to be renewed at some point. I know this is probably well documented in the Provisioning Server docops, but a note on the dependency to keep the Java key store updated would be helpful.

Also, this adds another step to the overall operation and management of the system: keeping the cacert in sync between JDK updates.