How to configure a self-signed certificate for Centrify Privileged Access Service?
Answer: Disclaimer: The below is provided as proof of concept only. For production use, please use a trusted Certificate Authority (CA).
1. Export self-signed Root CA certificate:
a. Open mmc.exe and navigate to File > Add/Remove Snap-in
b. Add Certificates as Computer account
c. Expand Trusted Root Certification Authorities > Certificates > Select the root CA certificate
d. Right-click on the RootCA certificate > All tasks > Export
e. At the Export File Format selection dialog, select "DER encoded binary X.509 (.CER)"
f. Save the file to a location
2. Enroll and export self-signed host certificate:
a. Open mmc.exe and navigate to File > Add/Remove Snap-in
b. Add Certificates as Computer account
Note: If there is no certificate template available for the host certificate enrollment, please check KB-2798 for reference.
c. After having a proper certificate template configured, please enroll it:
- Right-click "Certificates" under "Personal" > All Tasks > Request New Certificate...
- At the Request Certificates dialog, select the template that was configured previously
e. In Personal > Certificates > Right-click the self-signed certificates > All Tasks > Export...
f. At the Export Private Key dialog, select "Yes, export the private key"
g. Check the box for "Include all certificates in the certification" and "Export all extended properties"
h. At the Security dialog, enter a password to protect this cert file which will be used later.
i. Save the file to a location
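
The two exports above can also be scripted in PowerShell. This is an added example, not part of the original article or Centrify's own tooling; the subject filters and output directory are placeholders to replace with your own values.

```powershell
# Added example: scripted equivalent of the MMC export steps. Run elevated.
# Assumed placeholders: both subject filters and the output directory.
$outDir      = 'C:\Temp\certs'          # assumed output location
$rootSubject = 'CN=Example-Root-CA'     # placeholder: your root CA subject
$hostSubject = "CN=$env:COMPUTERNAME"   # placeholder: your host certificate subject

New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# Step 1: root CA certificate from Trusted Root Certification Authorities.
$root = @(Get-ChildItem Cert:\LocalMachine\Root |
    Where-Object { $_.Subject -like "$rootSubject*" })
if ($root.Count -ne 1) { throw "Expected exactly one root CA match, found $($root.Count)" }
# -Type CERT writes a DER encoded binary X.509 (.CER) file.
Export-Certificate -Cert $root[0] -FilePath "$outDir\rootca.cer" -Type CERT | Out-Null

# Step 2: host certificate from Personal; it must have a private key.
$hostCert = @(Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like "$hostSubject*" -and $_.HasPrivateKey })
if ($hostCert.Count -ne 1) { throw "Expected exactly one host certificate match, found $($hostCert.Count)" }

# Prompt for the PFX password rather than hard-coding it in the script.
$pfxPassword = Read-Host -AsSecureString -Prompt 'PFX password'
# BuildChain includes the certificates in the certification path.
# Extended properties are exported unless -NoProperties is given.
# The export fails if the template did not mark the private key as exportable.
Export-PfxCertificate -Cert $hostCert[0] -FilePath "$outDir\host.pfx" `
    -Password $pfxPassword -ChainOption BuildChain | Out-Null

# Check what was written: the PFX should hold the host certificate plus its chain.
$pfx = Get-PfxData -FilePath "$outDir\host.pfx" -Password $pfxPassword
$pfx.EndEntityCertificates | Format-List Subject, Thumbprint, NotAfter
$pfx.OtherCertificates     | Format-List Subject, Thumbprint
```

The resulting .pfx file contains the host private key, so keep it in a directory only administrators can read and delete it once it has been uploaded.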
For instructions on updating the host certificate for Centrify Privileged Access Service, please check KB-7991.
For instructions on enrolling Centrify Agent on Linux, please check KB-7973.
For instructions on enrolling Centrify Toolkit on Linux for a self-signed certificate, please check KB-7698 (to be deprecated in version 16.12 onwards).