Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-7871: How to configure and export custom certificate for Centrify Agent

16 December,16 at 02:18 PM

Applies to Centrify Identity Platform

Question:

How to configure self-signed certificate for Centrify Identify Platform?

Answer:
Disclaimer: The below is provided as proof of concept only. For production use, please use a trusted Certificate Authority (CA).

     1.  Export self-signed Root CA certificate:
         
           a. Open mmc.exe and navigate fo File > Add/Remove Snap in
                User-added image
  
             b. Add Certificates as Computer account:
                 User-added image

             c. Expand Trusted Root Certification Authorities > Certificates > Select the root CA certificate
                 User-added image
               
              d. Right-click on the RootCA certificate > All tasks > Export
                  User-added image

              e. At Export File Format selection dialog, select "DER encoded binary X .509(.CER)"
                  User-added image
  
                f. Save the file to a location
                   User-added image

     2. Enroll and export self-signed host certificate:

          a. Open mmc.exe and navigate to File > Add/Remove Snap in
              User-added image
    
          b. Add Certificates as Computer account:
              User-added image

          Note: If there is no certificate template available for the host certificate enrollment, please check KB-2798 for reference.

          c. After having a proper certificate template configured, please enroll it:
               - Right-Click "Certificates" under "Personal" > All Tasks > Request new Certificate...
                  User-added image

                - At the Request Certificates dialog. select the template that was configured previously
                   User-added image

          e. In Personal > Certificates > Right-click the self-signed certificates > All Tasks > Export...
              User-added image

          f. At the Export Private Key dialog, select "Yes, export the private key"
             User-added image

          g. Check the box for "Include all certificates in the certification" and "Export all extended properties"
              User-added image

          h. At the Security dialog, enter a password to protect this cert file which will be used later.
               User-added image

          i. Save the file to a location
             User-added image

For instructions in updating the host certificate for Centrify Identity Platform, please check KB-7991
For instructions in enrolling Centrify Agent on Linux, please check KB-7973
For instructions in enrolling Centrify Toolkit on Linux for self signed certificate, please check KB-7698 (To be deprecated in version 16.12 onwards)

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.