
TimWillemstein2 (Customer) asked a question.
Hi,
Which certificate is required to be loaded in the cacerts store for Active Directory authentication with an authentication source?
Assuming I have:
Domain controller Certificate (signed by intermediate)
Intermediate Certificate (signed by root)
Root Certificate
I know loading the Domain Controller certificate works, but it has a higher change rate, so it is more work to roll over.
Would it work if we have the Intermediate + Root certificate loaded?
Bonus question, do we know if authentication source will ever start using the new feature of the certificates that are uploaded in the user interface (like collectors do)?
Trusting the Root CA and the Intermediate CA certificates in the cacerts trust store should be sufficient. Reference:
LDAP authenticator based on Active Directory Identity Collector fails with the error 'Connection could not be established with the directory server' in RSA Identity Governance & Lifecycle
As for the ability to trust CA certificates for authentication sources by uploading those certs on the UI, feel free to submit an idea through the Idea Exchange (https://community.rsa.com/s/idea-exchange).