How to: How can one add a certificate to Linux/Unix without using Group Policy?
Steps:
Export the certificate:
1. Select the trusted root certificate you downloaded, right-click, then click Open.
2. Click the Details tab and click Copy to file to start the Certificate Export Wizard, then click Next.
3. Select DER encoded binary X.509 (.CER) as the file format, then click Next and Save the certificate.
Move the certificate to the server:
4. Place the certificate in /var/centrify/net/certs/ on the local Linux/Unix server.
Version 5.4.2 and greater:
5. Edit /etc/centrifydc/centrifydc.conf
6. To add certificates:
Add name/s of cert/s to: gp.mappers.certgp.pl.additional.cafiles: sample.cer
To exclude certificates:
Add name/s of cert/s to: gp.mappers.certgp.pl.exclude.cacerts: sample.cer
7. Run adreload and adgpupdate
Version 5.4.1 and below:
Replace and edit certgp.pl:
5. Replace /usr/share/centrifydc/mappers/machine/certgp.pl with the patched one attached to this KB. If you make a backup, ensure it is in a different location. If the backup is in the same location, this will break and not work.
6. Edit certgp.pl - change test.cert to the name of your cert from step 4.
my @additional_certs = (
"test.cert",
);
7. Make sure the script is executable:
chmod 755 certgp.pl
Update and Verify:
8. Run adgpupdate
9. Verify the certificate is in /var/centrify/net/certs/ with symbolic links created.
Additionally:
One can exclude certain certificates using the certificate's fingerprint. Change the following in certgp.pl:
my @excluded_cert_fingerprints = (
#"8317DBD51291437B7F378E55DCB73E086D03A4C6",
#"D53BD95928D5FEB3761E845DF90BE4571E760B7E",
);
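The verification step and the fingerprint exclusion above can both be checked with one small script. This is an added example, not part of the KB or of Centrify's tooling: the function names and the --report switch are hypothetical, and it assumes the exclusion list expects the SHA-1 of the DER-encoded certificate as 40 uppercase hex digits (the length of the sample entries above).

```shell
#!/bin/sh
# Added example, not Centrify code. Assumption: the exclusion list expects the
# SHA-1 of the DER-encoded certificate as 40 uppercase hex digits, no colons.
CERT_DIR="${CERT_DIR:-/var/centrify/net/certs}"   # directory from step 4

# Print the SHA-1 fingerprint of one certificate file.
cert_fingerprint() {
    if grep -q -- '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null; then
        # PEM input: decode to DER before hashing.
        openssl x509 -in "$1" -outform DER | sha1sum
    else
        # DER input (the export format from step 3): hash the file itself.
        sha1sum < "$1"
    fi | awk '{ print toupper($1) }'
}

# Print the names of symbolic links in CERT_DIR that resolve to the given file.
cert_links() {
    target=$(readlink -f "$1")
    for link in "$CERT_DIR"/*; do
        if [ -L "$link" ] && [ "$(readlink -f "$link")" = "$target" ]; then
            basename "$link"
        fi
    done
}

# One line per certificate file: fingerprint, file name, links (or NONE).
cert_report() {
    for cert in "$CERT_DIR"/*; do
        if [ -f "$cert" ] && [ ! -L "$cert" ]; then
            links=$(cert_links "$cert" | tr '\n' ' ')
            printf '%s  %s  links: %s\n' \
                "$(cert_fingerprint "$cert")" "$(basename "$cert")" "${links:-NONE}"
        fi
    done
}

# Run the report only when asked, so the file can also be sourced.
if [ "${1:-}" = "--report" ]; then
    cert_report
fi
```

A certificate reported with links: NONE has been copied into the directory but has no symbolic link pointing at it yet; the fingerprint column is the value to compare against entries in the exclusion list.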