Applies To: RSA Product Set: SecurID
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 7.1, 3.0
Platform: External identity sources running on Windows 2008, 2003 using Microsoft Certificate Manager signing authority.
Issue: There is no documentation on how to obtain the rootCA.cer from an Active Directory domain controller for use with a secure LDAPS connection (port 636) to an Active Directory identity source.
1. Log in DIRECTLY to the domain controller; do not browse to it from another machine. Either RDP to the server or log in from a monitor and keyboard attached to the domain controller.
2. Using IE on the domain controller, browse to https://localhost:636.
3. When the local certificate is presented, you will be allowed to view it.
4. Select the rootCA certificate and save it in X.509 encoded format. Using the rootCA rather than the host certificate is highly desirable because of its longer validity period: a host certificate issued by the Microsoft certificate authority typically expires in one year, which would require updating the identity source certificate annually.
5. In the Operations Console, select Deployment Configuration > Certificates > Identity Source Certificates > Add New > Add New Certificate.
6. Enter a certificate name.
7. Browse to the downloaded rootCA certificate saved during steps 1 through 4.
8. Click Save.
9. You may now use ldaps://<fqdn of domain controller>:636 as your identity source URL.
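The same export and a follow-up check of the LDAPS chain, as an added PowerShell example that is not part of the RSA article. It assumes it is run in an elevated session on the domain controller itself, that the host certificate presented on 636 was issued by the Microsoft CA with the DC FQDN in its Subject, and that the FQDN and output path (`$DcFqdn`, `$OutFile`) are placeholders you replace.

```powershell
# Added example, not part of the RSA article. Run in an elevated PowerShell
# session on the domain controller itself. $DcFqdn and $OutFile are placeholders.
$DcFqdn  = 'dc01.example.corp'     # placeholder FQDN of this domain controller
$OutFile = 'C:\temp\rootCA.cer'    # where the DER X.509 root CA export is written

# 1. Locate the certificate this DC presents on 636 (assumed: a Microsoft CA
#    issued host certificate whose Subject contains the DC FQDN, with a private key).
$hostCert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.HasPrivateKey -and $_.Subject -match [regex]::Escape($DcFqdn) } |
    Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $hostCert) { throw "No host certificate for $DcFqdn found in LocalMachine\My" }

# 2. Build the chain and take its top element: the self-signed root CA.
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
$chain.ChainPolicy.RevocationMode = 'NoCheck'   # structural check only; no CRL fetch
if (-not $chain.Build($hostCert)) { throw "Chain for $($hostCert.Subject) did not build" }
$rootCA = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate

# 3. Show why the root is the better import: compare remaining validity.
"Host cert : {0}  expires {1:yyyy-MM-dd}" -f $hostCert.Subject, $hostCert.NotAfter
"Root CA   : {0}  expires {1:yyyy-MM-dd}" -f $rootCA.Subject,   $rootCA.NotAfter

# 4. Export the root as DER-encoded X.509 (.cer) for the Operations Console import.
$der = $rootCA.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)
[System.IO.File]::WriteAllBytes($OutFile, $der)
"Wrote $OutFile ($($der.Length) bytes, root thumbprint $($rootCA.Thumbprint))"

# 5. Confirm an LDAPS bind to this DC chains to exactly the exported root,
#    i.e. the trust anchor Authentication Manager will rely on after the import.
Add-Type -AssemblyName System.DirectoryServices.Protocols
$id   = New-Object System.DirectoryServices.Protocols.LdapDirectoryIdentifier($DcFqdn, 636)
$conn = New-Object System.DirectoryServices.Protocols.LdapConnection($id)
$conn.SessionOptions.SecureSocketLayer = $true
$conn.SessionOptions.VerifyServerCertificate = {
    param($connection, $presented)
    $p = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($presented)
    $c = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $c.ChainPolicy.RevocationMode = 'NoCheck'
    [void]$c.Build($p)
    # Accept only if the presented chain ends in the root we just exported.
    $c.ChainElements[$c.ChainElements.Count - 1].Certificate.Thumbprint -eq $rootCA.Thumbprint
}.GetNewClosure()
$conn.Bind()   # throws an LdapException if TLS fails or the callback rejects the server
"LDAPS bind to ldaps://${DcFqdn}:636 succeeded with a chain ending in the exported root"
```

If step 5 throws, the DC is not presenting a certificate that chains to the exported root, so the Operations Console import would not make the ldaps:// URL work either.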
Legacy Article ID: a53731