Previous Topic: Install CA ControlMinder Enterprise Management on WindowsNext Topic: Install the CA SiteMinder Policy Server


Configure Enterprise Management Server to connect on Active Dirctory SSL port

Follow these steps:

  1. Stop the JBoss service and set the service Startup Type to Manual.
  2. Navigate to the following directory:
    JBoss_HOME/default/deploy/IdentityMinder.ear/management_console.war/WEB-INF
    
  3. Open the web.xml file in edit mode.
  4. Set the <param-value>true</param-value> for the AccessFilter section and save and close.

    Note: This step is required to enable the CA Identity Minder Management console.

  5. Start the JBoss service.
  6. Using a Web browser, open the CA Identity Minder Management console and click Continue.
  7. Click Directories, ac-dir, Export, and click then Save.
  8. Specify the location where you want to save the ac-dir.xml file and back up the xml file.
  9. Open one of the ac-dir.xml files in the edit mode and make the following changes:
    <LDAP searchroot="DC=cmlab,DC=ca,DC=corp" secure="true"/>
    <Connection host="KUMVI10-TEST.cmlab.ca.corp" port="636"/>
    <Container objectclass="top,organizationalUnit" attribute="ou" value=""/>
    
  10. Click Directories, ac-dir, and the Update button.
  11. Browse to the ac-dir.xml file you edited and click Finish.

    The ac-dir is updated with the new port values. Errors are noted at the bottom.

  12. Click Continue.
  13. Stop the JBoss service.
  14. Back up the ssl.keystore file from the following location:
    JBoss _HOME/server/default/deploy/IdentityMinder.ea/custom/ppm/truststore.
    
  15. Import the certificate into the JBoss key store with the following command:
    keytool -import -keystore "jBoss_HOME/server/default/deploy/IdentityMinder.ear/custom/ppm/truststore/ssl.keystore" -alias "<ALIAS NAME>" -file "<Certificate File Name>.cer"
    
  16. Enter the certificate password,“secret”.

    Note: The certificate must be trusted during the import.

  17. Update the run.bat file with the following line:
    set JAVA_OPTS=%JAVA_OPTS% -Xms256m -Xmx1408m -Djavax.net.ssl.trustStore="%SYSTEMDRIVE%\jboss-4.2.3.GA\server\default\deploy\IdentityMinder.ear\custom\ppm\truststore\ssl.keystore".
    
  18. Save the file and start JBoss.
  19. Using a web browser, open the CA Identity Minder Management Console.
  20. Go to Directory, ac-dir to check and verify that your Enterprise Management environment is connecting with SSL.
  21. Access the Enterprise Management URL with the SSL port and verify that you are able to log in to Enterprise Management.