The most common command builds a PFX file from PEM files:
Identity Manager must always be signed with corporate or trusted certificates. If vIDM is clustered, sign the load-balanced name with an external trusted certificate and the 3 nodes with certificates from the corporate CA.
- Go to the vIDM web console.
- On the top, click the Appliance Settings tab.
- On the left, click the VA Configuration node.
- On the right, click Manage Configuration. You will be redirected to a separate portal.
- Log in with the admin account.
- On the left, click Install TLS Certificates.
- On the right, in the upper box, delete the certificate and key that are currently displayed.
- Paste in the new PEM certificate and RSA private key. Paste every certificate in the chain: server + intermediate + root. Click Save.
The order of certificates is important! First server, then intermediate, then root.
Certificate request example (saved as the file idm01.domain.local.inf):
Bat script to submit the certificate request:
To copy and paste the private key from a PFX certificate into vIDM, you need a decrypted version of the key. Use OpenSSL to obtain this key:
Open idm01.domain.local_decrypted.key with a text editor and copy the key from there.
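A pre-flight check for the two requirements above (bundle ordered server, intermediate, root; key decrypted and belonging to the server certificate), as an added example that is not part of the original page. It assumes `openssl` is on the PATH; the function names and `chain.pem` are this example's own, and the check compares issuer and subject names, not signatures.

```shell
#!/bin/sh
# Added example: validate the PEM bundle and key before pasting them into
# Install TLS Certificates. Function names and chain.pem are hypothetical.
# Usage: check_bundle chain.pem idm01.domain.local_decrypted.key

# Split BUNDLE into OUTDIR/cert-1.pem, cert-2.pem, ...; print how many were found.
split_bundle() {
    awk -v dir="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert-" n ".pem" }
        out != ""                     { print > out }
        /-----END CERTIFICATE-----/   { close(out); out = "" }
        END                           { print n + 0 }' "$1"
}

# check_bundle BUNDLE KEY: status 0 if the bundle is ordered
# server -> intermediate(s) -> root and KEY is the unencrypted key of the
# server certificate; otherwise print the reason and return 1.
check_bundle() (
    bundle=$1 key=$2
    tmp=$(mktemp -d) || exit 2
    trap 'rm -rf "$tmp"' EXIT
    n=$(split_bundle "$bundle" "$tmp")
    [ "$n" -ge 2 ] || { echo "expected server cert plus chain, found $n cert(s)"; exit 1; }

    # Each certificate must name the one that follows it as its issuer.
    i=1
    while [ "$i" -lt "$n" ]; do
        issuer=$(openssl x509 -in "$tmp/cert-$i.pem" -noout -issuer_hash)
        next=$(openssl x509 -in "$tmp/cert-$((i + 1)).pem" -noout -subject_hash)
        [ "$issuer" = "$next" ] || { echo "cert $i is not issued by cert $((i + 1)): wrong order"; exit 1; }
        i=$((i + 1))
    done

    # The last certificate must be the root (issuer name equals subject name).
    last="$tmp/cert-$n.pem"
    [ "$(openssl x509 -in "$last" -noout -subject_hash)" = "$(openssl x509 -in "$last" -noout -issuer_hash)" ] ||
        { echo "last certificate is not a root"; exit 1; }

    # The key must be decrypted and must belong to the first (server) certificate.
    if grep -q ENCRYPTED "$key"; then echo "private key is still encrypted"; exit 1; fi
    cert_pub=$(openssl x509 -in "$tmp/cert-1.pem" -noout -pubkey)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    [ -n "$key_pub" ] && [ "$cert_pub" = "$key_pub" ] || { echo "key does not match server certificate"; exit 1; }
    echo "bundle OK: $n certificates, key matches"
)
```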
After inserting the certificates, click OK to restart the vIDM Appliance web service.