How to Export Active Directory Root Certificate to Enable SSL for RSA SecurID Cloud Authentication Service Identity Source
Originally Published: 2019-08-13
Issue
The required certificate is the root certificate for the Active Directory server(s) underlying the logical Identity Source. If the root certificate file is not readily available, it must be exported from the Active Directory server.
Tasks
- On the Active Directory server, start a command shell (cmd.exe) using "Run As Administrator".
- Execute command: certutil -ca.cert client.crt
- Cut and paste the certutil output beginning with -----BEGIN CERTIFICATE----- and ending with -----END CERTIFICATE----- into a new text file. This is the desired root certificate in PEM format. See the example certutil execution below.
- Choose the created text file when configuring the Identity Source SSL Certificate.
```
C:\Users\Administrator>certutil -ca.cert client.crt
CA cert[0]: 3 -- Valid
CA cert[0]:
-----BEGIN CERTIFICATE-----
MIIDazCCAlOgAwIBAgIQGzwrIxZ9JoNKYQp4RuJ35DANBgkqhkiG9w0BAQUFADBI
MRMwEQYKCZImiZPyLGQBGRYDY29tMRcwFQYKCZImiZPyLGQBGRYHZXhhbXBsZTEY
MBYGA1UEAxMPZXhhbXBsZS1EQzAxLUNBMB4XDTE1MDMyNjEyMTAxM1oXDTI1MDMy
NjEyMjAxMlowSDETMBEGCgmSJomT8ixkARkWA2NvbTEXMBUGCgmSJomT8ixkARkW
B2V4YW1wbGUxGDAWBgNVBAMTD2V4YW1wbGUtREMwMS1DQTCCASIwDQYJKoZIhvcN
AQEBBQADggEPADCCAQoCggEBAMFhTzxdREIIRVWOK4M+EYcmIjd2SQjxa4gE7J8G
b9y1pGIXVC80UUESa1HXvCi+YaZ6UY204lmQBARwHX4Fu81WTK3bf5+rs670Lmm2
u0QrovxXD4SE2bhNUG+D7K+yEzDS/OEZB+Ls9Wv0UQ/x1bwtQyePxCxuLy94GKc8
eI4z1dyJbFIKTKu/fF9P/TDp77SxUenQrFzrWb8nyFPNFcZzdcymbyOgGNVy0UZe
RrLvEtHI0pqRSgADs/jLRpK7IRszF7ofhKqRkg3488q+R7skn3c0LNpPYaPBbkFH
crX1IBuPUTu3dqnr+suwqNOOOvhuAowtIegOA/RmbglyH0cCAwEAAaNRME8wCwYD
VR0PBAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFPHQsRA70LbC0A8X
hozXZdwFtK2PMBAGCSsGAQQBgjcVAQQDAgEAMA0GCSqGSIb3DQEBBQUAA4IBAQBq
4Bhg5aNN6Vc9MVig6gPSfmaLpGdkq+XdhzNB9gT/1HmP0eGiJqGWYjVQjXdy1JCi
Fpo0OxpbI1jkpRw78VwYUe8Lq9O7Tz+gBJbk6fnBGR+v0vNQVYeytmVi2fOYKkoc
dmHPsUiQYqqPt/E6pLHEYIIJKGl1K9AmviI5vVDSqxanfXt4aMqdwU4VDL5VY6mM
leG3TSkI7b/1KRSIkIaJcrstR9HjCc3wqro70VITFRYUZyo01x3ELEHZ8clncf+v
EiV6RXzzLhFeADNNwdO8sUAbRSf2LUERb3mo4oGa6X1UKKdWh0A9nOyWIKGrmF+R
FXdhd08js7jbL+3AcofC
-----END CERTIFICATE-----
CertUtil: -ca.cert command completed successfully.
```
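Before uploading the pasted file, it is worth confirming that the copied block is complete and that the certificate is self-issued, as a root certificate is. The following is an added example, not part of the original article: the function names are hypothetical, the sample input is a constructed DER skeleton rather than a real certificate, and the check compares issuer and subject names only (it does not verify the signature).

```python
import base64, hashlib, re
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def extract_der(certutil_output):
    """Return the DER bytes of the one complete PEM block in pasted certutil output."""
    blocks = PEM_RE.findall(certutil_output)
    if len(blocks) != 1:  # an END line cut short while copying leaves no complete block
        raise ValueError(f"expected 1 complete certificate block, found {len(blocks)}")
    return base64.b64decode("".join(blocks[0].split()), validate=True)

def read_tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def issuer_and_subject(der):
    """Return the raw DER of the issuer and subject Names in the TBSCertificate."""
    _, pos, tbs_end = read_tlv(der, read_tlv(der, 0)[1])  # Certificate -> TBSCertificate
    fields = []  # serialNumber, signature, issuer, validity, subject
    while pos < tbs_end and len(fields) < 5:
        tag, _, end = read_tlv(der, pos)
        if fields or tag != 0xA0:  # skip the optional leading [0] version
            fields.append(der[pos:end])
        pos = end
    if len(fields) < 5:
        raise ValueError("not an X.509 certificate structure")
    return fields[2], fields[4]

def inspect_export(certutil_output):
    der = extract_der(certutil_output)
    issuer, subject = issuer_and_subject(der)
    return {"sha256": hashlib.sha256(der).hexdigest(), "self_issued": issuer == subject}

def constructed_sample(issuer_cn=b"example-CA", subject_cn=b"example-CA"):
    e = lambda tag, body: bytes([tag, len(body)]) + body  # constructed skeleton, short-form lengths only
    name = lambda cn: e(0x30, e(0x31, e(0x30, e(6, b"\x55\x04\x03") + e(0x13, cn))))
    tbs = e(0xA0, e(2, b"\x02")) + e(2, b"\x01") + e(0x30, b"") + name(issuer_cn) + e(0x30, b"") + name(subject_cn)
    pem = base64.encodebytes(e(0x30, e(0x30, tbs))).decode()
    return f"CA cert[0]:\n-----BEGIN CERTIFICATE-----\n{pem}-----END CERTIFICATE-----\nCertUtil: -ca.cert command completed successfully.\n"

if __name__ == "__main__":
    print(inspect_export(constructed_sample()))
```

To check a real export, pass the saved certutil output (or the pasted text file) to `inspect_export` and compare the SHA-256 value with the fingerprint of the certificate held on the server.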