AnsweredAssumed Answered

Enabling SSL for CA Dir

Question asked by Samatnys on Jul 19, 2018
Latest reply on Jul 19, 2018 by Samatnys

I'm having a very hard time following the CA Dir 14 admin guide concerning SSL.  I have 2 data DSA's that are replicating to each other and being used as a SiteMinder session store.  All is working well.  Now I want to enable SSL on those instances.  I am not using a router but a hardware load balancer for the policy servers to connect to.

 

I have run the 'dxcertgen certreq' command to get the cert request from the first server.  I then sent that to a 3rd party to get my certs back.  I would like to use a single cert for all data DSA's.  The confusing part starts with the admin guide doc.  

 

The section about using a single cert is at the beginning of the SSL discussion.  Mentions using the 'set ssl' and some file called 'config/ssld/personalities/generic.pem' but no mention on how to create that file, where it comes from, what it contains, etc...  and no mention on how to do any of this if you are using the management UI.  I don't want to get burnt by using command line tools only to have config overwritten by the management UI.

 

Is there some tech doc that has a step by step of how to get SSL working from start to finish, using a 3rd party cert (that will also include a cert chain), and using the management UI?  I wish the admin guide was written more as a step by step process.  It feels more like a reference guide to me.

 

Thanks

Outcomes