Symantec IGA

  • Private Community
Back to discussions
Expand all | Collapse all

For customers using Identity Manager - Steps to address expired 6 Oct 2017 Provisioning certificates in IdentityMinder

  • 1.  For customers using Identity Manager - Steps to address expired 6 Oct 2017 Provisioning certificates in IdentityMinder

    Posted Oct 07, 2017 08:43 PM

    These consolidated steps should help address this problem as noted in recent advisory quickly

     

    On each of Provisioning Server (where you typically have imps-router DSA running):

     

    • Copy the provided 'impd_trusted.pem' in DXHOME\config\ssld location overwriting the existing one.
    • Rename the provided imps-router.pem to reflect the local (original name) and copy that into DXHOME\config\ssld\personalities location overwriting the existing one.
    • Delete any other .pem files related to 'imps' and 'impd' you have in there.
    • Basically on each Provisioning Sever host, you will end up with only one router .pem file reflecting the local router name.

     

    On each of Provisioning Directory Server (where you typically have impd-main, impd-inc, impd-co and impd-notify DSAs running):

     

    • Copy the provided 'impd_trusted.pem' in DXHOME\config\ssld location overwriting the existing one.
    • Rename the provided impd file to match the local hostname (you will have total of 4 files) and copy that into DXHOME\config\ssld\personalities location overwriting the existing ones.
    • Delete any other .pem files related to 'imps' and 'impd' you have in there.
    • Basically on each Provisioning Directory host, you will end up with only four impd .pem file reflecting the four local data DSA names.

     

     

    Now back to main topic:

     

    Main docops link: https://docops.ca.com/ca-identity-manager/12-6-8/EN/upgrading/upgrade-provisioning-components/update-your-provisioning-certificates

     

    TEC1561732 link: https://support.ca.com/us/knowledge-base-articles.TEC1561732.html

    (Note - if you experience a broken docOps link in above tec doc, please go directly to

    Update Your Provisioning Certificates - CA Identity Manager - 12.6.8 - CA Technologies Documentation )

     

    attached both set (SHA-1 and SHA-2) of certs to this doc for easy access 

     

    For IDMGR 12.6.04 and above, one can follow what is provided in docops.

     

    For IDMGR 12.6.01 to 12.6.03 same instructions that is available in docops + KB TEC1561732

    This KB replaces the jiam.jar section that is mentioned in docops instructions.

     

    For IDMGR 12.5.x use the attached SHA-1 signed certs + KB TEC1561732

     

    This KB replaces the jiam.jar section that is mentioned in docops instructions.

    Attachment(s)

    zip
    ootb_certs_SHA1 (2).zip   30 KB 1 version
    zip
    ootb_certs (1).zip   8.81 MB 1 version