Symantec IGA

How to configure an SSL connection to Provisioning Server from Identity Manager 

08-29-2016 12:24 PM

Summary:

This document will walk you through configuring SSL to the Provisioning Server from Identity Manager.

 

Instructions:

 

Provisioning Server Certificate Location:

[Provisioning Server install dir]/data/tls/server/eta2_servercert.pem

 

======================
Example Configuration:
======================

 

Navigate to java installation location:
cd Java\jdk1.7.0_75\bin

 

Execute the following:

keytool -keystore "C:\Program Files\Java\jdk1.8.0_72\jre\lib\security\cacerts" -import -file "C:\Program Files (x86)\CA\Identity Manager\Provisioning Server\data\tls\server\eta2_servercert.pem" -trustcacerts -alias CAServTrusted

Shutdown and then start your application server backup.

 

======================
Next Steps:
======================

 

Connect to the CA Identity Manager Management Console > Directories.

 

Export out your provisioning directory xml.

 

Make the following changes to the "secure" and "port":

<LDAP searchroot="eTNamespaceName=CommonObjects,dc=im,dc=eta" secure="true"/>

&

<Connection host="ProvisioningServerHostName" port="20390"/>

Statistics
0 Favorited
8 Views
0 Files
0 Shares
0 Downloads

Tags and Keywords

Comments

02-22-2017 10:00 AM

Can you add a note or two on how/when this imported SSL certificate may change? I assume it has a predetermined lifetime, and needs to be renewed at some point. I know this is probably well documented in the Provisioning Server docops, but a note on the dependency to keep the Java key store updated would be helpful.

 

Also, this adds another step to the overall operation and management of the system: keeping the cacert in sync between JDK updates.

02-07-2017 12:29 PM

Thank you for sharing this tip with the community Vincent!

How to configure an SSL connection to Provisioning Server from Identity Manager 

Related Entries and Links

No Related Resource entered.