CA Directory 12.6.x Installation & Configuration as SSO Policy Store on RedHat 6 64-bit

Blog Post created by Osarobo_Idehen Employee on Oct 15, 2017



1) Download the install RPM from below:



2) Install using the command below:

rpm -i <RPM package name>


By default, the above command installs CA Directory in the path below:



3) Run the commands below:

# cd /opt/CA/Directory/dxserver
# export DXHOME=`pwd`
# export CAPKIHOME=/opt/CA/Directory/dxserver/lib/capki


4) Change to the dxserver bin directory and install the DSA:

# cd /opt/CA/Directory/dxserver/bin

# ./dxnewdsa dsapstore2 19999 "dc=training,dc=com"


5) Create a CA Single Sign-On schema file by copying the default.dxg schema file and renaming it.

# cd /opt/CA/Directory/dxserver/config/schema

# cp -p default.dxg dsapstore2.dxg


6) Copy the files below from the SSO Policy Server to the dxserver schema directory:


Note: The netegrity.dxc file is installed with the Policy Server in policy_server_home\eTrust. The etrust.dxc file is installed with the Policy Server in siteminder_home\xps\db.


7) Edit the DSA's DXI file (DSA_Name.dxi) by changing the schema from default.dxg to the new SiteMinder schema file.

# cd /opt/CA/Directory/dxserver/config/servers

# vi dsapstore2.dxi

Change:

# schema
source "../schema/default.dxg";

To:

# schema
source "../schema/ps12sp3cr08.dxg";

At the end of the file, add:

# cache configuration
set ignore-name-bindings=true;


8) Copy the default limits DXC file of the DSA (default.dxc) to create a CA Single Sign-On DXC file.

# cd /opt/CA/Directory/dxserver/config/limits

# cp default.dxc dsapstore2.dxc


9) Edit the settings in the new DXC file to match the following:

# size limits
set max-users = 1000;
set credits = 5;
set max-local-ops = 1000;
set max-op-size = 4000;
set multi-write-queue = 20000;


10) Edit the DXI file of the DSA (DSA_Name.dxi) by changing the limits configuration from default.dxc to the new CA Single Sign-On limits file.

# cd /opt/CA/Directory/dxserver/config/servers

# vi dsapstore2.dxi


Change:

# service limits
source "../limits/default.dxc";

To:

# service limits
source "../limits/dsapstore2.dxc";
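
The limits changes in steps 8 to 10, together with the cache setting from step 7, can be applied and checked in one repeatable pass. The script below is an added example, not part of the original post or of CA's tooling: the function names are illustrative, and the sample tree with its default.dxc contents is constructed so the script runs without a CA Directory install.

```bash
#!/bin/bash
# Added example: repeatable form of steps 8-10 plus the step 7 cache setting.
# Function names are illustrative; paths and values are the ones in the post.

set_limit() {  # args: file key value; replace the "set key" line or append it
  if grep -Eq "^set $2[ =]" "$1"; then
    sed "s|^set $2[ =].*|set $2 = $3;|" "$1" > "$1.tmp" \
      && cat "$1.tmp" > "$1" && rm -f "$1.tmp"
  else
    echo "set $2 = $3;" >> "$1"
  fi
}

apply_sso_limits() {  # args: dxhome dsa-name
  local dxi="$1/config/servers/$2.dxi" dxc="$1/config/limits/$2.dxc"
  [ -f "$dxi" ] || { echo "missing $dxi" >&2; return 1; }
  [ -f "$dxc" ] || cp -p "$1/config/limits/default.dxc" "$dxc" || return 1
  set_limit "$dxc" max-users 1000
  set_limit "$dxc" credits 5
  set_limit "$dxc" max-local-ops 1000
  set_limit "$dxc" max-op-size 4000
  set_limit "$dxc" multi-write-queue 20000
  # Point the DSA at its own limits file; default.dxc itself is left untouched.
  sed "s|^source \"\.\./limits/default\.dxc\";|source \"../limits/$2.dxc\";|" \
    "$dxi" > "$dxi.tmp" && cat "$dxi.tmp" > "$dxi" && rm -f "$dxi.tmp"
  grep -q '^set ignore-name-bindings' "$dxi" \
    || printf '\n# cache configuration\nset ignore-name-bindings=true;\n' >> "$dxi"
}

check_sso_limits() {  # succeeds only if the DXI sources the per-DSA limits file
  local dxi="$1/config/servers/$2.dxi"
  grep -q "^source \"\.\./limits/$2\.dxc\";" "$dxi" \
    && ! grep -q '^source "\.\./limits/default\.dxc";' "$dxi" \
    && grep -q '^set max-users = 1000;' "$1/config/limits/$2.dxc"
}

demo_tree() {  # constructed sample tree (contents are made up for the demo)
  local d; d=$(mktemp -d)
  mkdir -p "$d/config/servers" "$d/config/limits"
  printf 'set max-users = 255;\nset credits = 5;\n' > "$d/config/limits/default.dxc"
  printf '# service limits\nsource "../limits/default.dxc";\n' \
    > "$d/config/servers/dsapstore2.dxi"
  echo "$d"
}

d=$(demo_tree)
apply_sso_limits "$d" dsapstore2 && check_sso_limits "$d" dsapstore2 \
  && echo "dsapstore2 limits OK"
rm -rf "$d"
```

With the demo lines at the bottom removed, the same functions can be run as apply_sso_limits "$DXHOME" dsapstore2 before the restart in step 11; running them twice leaves the files unchanged.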

11) Stop and restart the DSA using the following commands:

./dxserver stop dsapstore2

./dxserver start dsapstore2

12) Connect to the DSA via JXplorer using the base DN below:

Configure the dxserver as Policy Store

Connect to host hostname.training.com as anonymous.

Select the root element of your DSA.
Create an organizational unit under the root element called:

Create an organizational unit (root element) under Netegrity called:

Create an organizational unit (root element) under SiteMinder called:

Create an organizational unit (root element) under PolicySvr4 called:
The base tree structure is created.


Create a user under dc=training,dc=com as cn=admin,dc=training,dc=com.
The cn of the user will be cn=admin.
The sn of the user will be sn=admin.
Edit userPassword and set the password to firewall.
This user should have objectClass:


Configure the connection to the Policy Store with:

Admin Username : cn=admin,dc=training,dc=com
Password : firewall
Confirm Password : firewall
Root DN : dc=training,dc=com

14) Bring up smconsole and point the Policy Server to the Policy Store


15) From smconsole, click Key Store and select:

LDAP > Use Policy Store database


16) Copy the smreg utility to siteminder_home\bin and run the command below:

# smreg -su firewall


17) Import the Policy Store Data Definitions

# cd /F6/CA/siteminder/xps/dd

# XPSDDInstall SmMaster.xdd


18) Import the Default Policy Store Objects

# cd /F6/CA/siteminder/db

# XPSImport smpolicy.xml -npass
# XPSImport ampolicy.xml -npass
# XPSImport fedpolicy-12.5.xml -npass
# XPSImport default-fedobjects-config.xml -npass


19) Register the AdminUI with the Policy Server

# XPSRegClient siteminder -adminui-setup

password: firewall