To connect your IG Server to a domain controller that is configured to communicate using SSL, you need to import the certificate from the domain controller to your IG Server.
How do I...
-
Import a domain controller certificate?
If you have access to the system console of your IG Server, you can follow the steps as described below to complete this task. If you only have remote access, you should enable an SSH session first.Show me how
To enable an SSH session:
-
From the Home page, click System > Security > SSH Access.
SSH configuration options are displayed.
- Click Edit.
- Select the Enable SSH access check box, and type the IP or hostname of the SSH client you want to use to connect to your IG Server.
- Click Save.
-
From the SSH client, connect to your IG Server.
Leaving SSH access enabled for extended periods might represent a security risk. You should consider disabling SSH when not using it.
-
Open a Terminal Session on your IG Server.
A terminal session window is displayed.
- Log in as a user with root privileges.
-
From the command line type the following:
igp-importdccertificate <ip address>where
<ip address>is the IP address of the domain controller.Type igp-importdccertificate -h from the command line for command specific help.
After the import is complete you will prompted to restart the Administrator UI.
-
-
Import a trusted CA certificate?
If your directory server certificate has been issued from a private Certificate Authority (CA) or if your IG Server is unable to contact the CA to verify the certificate, you need to import the certificate chain used to sign the directory server certificate from the CA into the trusted certificate store on your IG Server. To do this:
- Download all certificates in the certificate chain.
-
From the command line, enter the following for each certificate:
keytool -import -alias <signing-certificate-alias> -file <signing-certificate-file> -keystore /etc/pki/java/cacerts -storepass changeit
- When prompted to Trust this certificate, enter yes.