How to configure an SSL connection to Provisioning Server from Identity Manager 

Aug 29, 2016 12:24 PM


This document will walk you through configuring SSL to the Provisioning Server from Identity Manager.




Provisioning Server Certificate Location:

[Provisioning Server install dir]/data/tls/server/eta2_servercert.pem


Example Configuration:


Navigate to the bin directory of your Java installation:
cd Java\jdk1.7.0_75\bin


Execute the following (the cacerts file should be the one belonging to the Java runtime your application server uses):

keytool -keystore "C:\Program Files\Java\jdk1.8.0_72\jre\lib\security\cacerts" -import -file "C:\Program Files (x86)\CA\Identity Manager\Provisioning Server\data\tls\server\eta2_servercert.pem" -trustcacerts -alias CAServTrusted

Shut down your application server and then start it back up.


Next Steps:


Connect to the CA Identity Manager Management Console > Directories.


Export your provisioning directory XML.


Make the following changes to the "secure" and "port" attributes:

<LDAP searchroot="eTNamespaceName=CommonObjects,dc=im,dc=eta" secure="true"/>


<Connection host="ProvisioningServerHostName" port="20390"/>
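
To confirm that the trust store entry still matches the certificate the Provisioning Server presents, for example after a JDK update or a certificate renewal, a check like the following can be run. It is an added example, not part of the original article or the product: the paths and alias are the ones from the keytool command above, while the store password (the JDK default) and the 60-day warning window are assumptions.

```powershell
# Added example (not from the original article): verify that the cacerts entry
# still matches the Provisioning Server certificate and report its expiry.
param(
    # Paths and alias are taken from the keytool command in the article.
    [string]$JavaHome  = 'C:\Program Files\Java\jdk1.8.0_72',
    [string]$ServerPem = 'C:\Program Files (x86)\CA\Identity Manager\Provisioning Server\data\tls\server\eta2_servercert.pem',
    [string]$Alias     = 'CAServTrusted',
    [string]$StorePass = 'changeit',   # assumption: JDK default store password
    [int]$WarnDays     = 60            # assumption: arbitrary warning window
)

$keytool  = Join-Path $JavaHome 'bin\keytool.exe'
$keystore = Join-Path $JavaHome 'jre\lib\security\cacerts'
$exported = Join-Path $env:TEMP "${Alias}-exported.cer"

function Get-Sha256Fingerprint([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert) {
    # Hash the DER encoding so both copies are compared byte for byte.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try { [BitConverter]::ToString($sha.ComputeHash($Cert.RawData)) -replace '-', ':' }
    finally { $sha.Dispose() }
}

# Export the trusted entry so it can be parsed the same way as the PEM file.
& $keytool -exportcert -rfc -alias $Alias -keystore $keystore -storepass $StorePass -file $exported | Out-Null
if ($LASTEXITCODE -ne 0) {
    Write-Error "Could not export alias '$Alias' from $keystore (missing alias or wrong password)."
    exit 1
}

$onDisk  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $ServerPem
$trusted = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $exported
Remove-Item $exported

$diskFp   = Get-Sha256Fingerprint $onDisk
$trustFp  = Get-Sha256Fingerprint $trusted
$daysLeft = [math]::Floor(($onDisk.NotAfter - (Get-Date)).TotalDays)

"Server certificate : $($onDisk.Subject)"
"SHA-256            : $diskFp"
"Expires            : $($onDisk.NotAfter.ToString('u')) ($daysLeft days left)"

if ($diskFp -ne $trustFp) {
    Write-Warning "cacerts alias '$Alias' holds a different certificate ($trustFp); the import needs to be repeated."
}
if ($daysLeft -lt $WarnDays) {
    Write-Warning "Server certificate expires within $WarnDays days; plan the renewal and re-import."
}
```

keytool refuses to import over an existing alias, so a stale entry has to be removed with keytool -delete before the import command is run again.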


Feb 22, 2017 10:00 AM

Can you add a note or two on how/when this imported SSL certificate may change? I assume it has a predetermined lifetime, and needs to be renewed at some point. I know this is probably well documented in the Provisioning Server docops, but a note on the dependency to keep the Java key store updated would be helpful.


Also, this adds another step to the overall operation and management of the system: keeping the cacert in sync between JDK updates.
