5.2 Securing Communication with Identity Manager Exchange Service

To set up SSL between the driver and Identity Manager Exchange Service, you need to create and import a server certificate into the root certificate store of the Windows server where the service is deployed. The following procedure assumes eDirectory as the Certificate Authority (CA).

  1. Create a server certificate.

    1. In iManager, log in to the connected eDirectory server with administrator rights.

    2. Click Roles and Tasks > NetIQ Certificate Server > Create Server Certificate.

    3. Select the server and provide a nickname for the certificate.

      The nickname is the same as the one you specified for Certificate Alias while installing Identity Manager Exchange Service. For more information, see Step 6.

    4. Click Next, then click Finish to complete the certificate creation.

  2. Export the server certificate from the connected eDirectory server and save it to a file in the .pfx format.

    1. In iManager, log in to the connected eDirectory server with administrator rights.

    2. Click Roles and Tasks > NetIQ Certificate Access > Server Certificates, then select any server certificate.

    3. Click Export.

    4. Select the certificate by nickname and select Export Private Key.

    5. Enter the password and click Next.

    6. To save the certificate to a file, click Save the exported certificate.

  3. Import the certificate to the trusted store of the Windows server on which you will run Identity Manager Exchange Service.

    1. Copy the .pfx file to the Windows server.

    2. Click Start > Run > mmc.

    3. Click File > Add/Remove Snap-in.

    4. Select Certificates, click Add, and choose Computer account so that the snap-in manages the computer's certificate stores.

    5. Click Finish.

    6. Navigate to Certificates > Trusted Root Certification Authorities.

    7. Right-click and then select All Tasks > Import.

    8. On the Welcome to the Certificate Import Wizard page, click Next.

    9. Click Browse and select the eDirectory certificate you exported in Step 2.

    10. Specify the password and click Next.

    11. Click Finish to import the certificate into the trust store.

  4. Start Identity Manager Exchange Service. For more information, see Verifying and Starting the Identity Manager Exchange Service.

  5. Open the following Exchange service URL from your browser:

    https://<Exchange_Service>:Port/ExchServer

  6. Obtain the public certificate and import it into the same keystore that was created for the Azure graph endpoint.

    For example, perform the following steps to obtain a public certificate on Google Chrome:

    1. Click the padlock icon in the address bar, then click Details.

    2. In the Security tab, click View Certificate.

    3. In the Details tab, click Copy to File.

    4. In the Certificate Import Wizard, click Next.

    5. Select DER encoded binary and click Next.

    6. Click Browse and navigate to the directory where you want to save the certificate.

    7. Specify a name for the certificate and click Next.

    8. Click Finish to complete the export.

    9. Add the exported key to the driver keystore by using the following Java keytool command:

      keytool -import -file <path to the exchange cert file>\<certname.cer> -keystore <mykeystore> -alias <aliasname>
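      The following PowerShell script is an added example and is not part of the NetIQ documentation: it performs steps 3 and 6 from an elevated PowerShell session on the Windows server (the keytool step assumes keytool is on PATH there) and adds the check the procedure implies, namely that the certificate the running service presents is the one whose nickname matches the install-time Certificate Alias, and that the keystore entry matches that served certificate. The .pfx path, service host and port, keystore path and alias are assumed values; replace them with your own.

```powershell
# Added example; not from the NetIQ documentation. All paths, host, port and alias below are assumed.
$PfxPath  = 'C:\certs\exchsvc.pfx'      # assumed: the .pfx exported in step 2
$ExchHost = 'exchsvc.example.com'       # assumed: <Exchange_Service>
$ExchPort = 8443                        # assumed: Port
$KeyStore = 'C:\driver\azure.jks'       # assumed: <mykeystore> created for the Azure graph endpoint
$Alias    = 'exchsvc'                   # assumed: <aliasname>

# Step 3: import the .pfx into the computer's Trusted Root Certification Authorities store.
$pfxPassword = Read-Host -Prompt 'PFX password' -AsSecureString
$imported = Import-PfxCertificate -FilePath $PfxPath -Password $pfxPassword `
    -CertStoreLocation 'Cert:\LocalMachine\Root'
Write-Host "Imported $($imported.Subject), thumbprint $($imported.Thumbprint)"

# Step 6: retrieve the certificate the running service presents. The callback accepts any
# certificate only so that the handshake completes and the certificate can be read; nothing
# is trusted by this call. The trust decision is the explicit comparison below.
$tcp = New-Object System.Net.Sockets.TcpClient($ExchHost, $ExchPort)
$accept = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
$ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $accept)
$ssl.AuthenticateAsClient($ExchHost)
$served = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
$ssl.Dispose(); $tcp.Dispose()

# Check: the service should present the certificate imported in step 3 (the one whose nickname
# matches the Certificate Alias given at install time). A mismatch means a different certificate
# is bound to the service or the wrong .pfx was imported.
if ($served.Thumbprint -ne $imported.Thumbprint) {
    throw "Service presents $($served.Thumbprint) but the imported certificate is $($imported.Thumbprint)"
}

# Export as DER (.cer), the same format the browser export produces, and add it to the driver keystore.
$CerPath = Join-Path $env:TEMP 'exchsvc.cer'
$der = $served.Export([System.Security.Cryptography.X509Certificates.X509ContentType]::Cert)
[System.IO.File]::WriteAllBytes($CerPath, $der)
& keytool -importcert -noprompt -file $CerPath -keystore $KeyStore -alias $Alias
if ($LASTEXITCODE -ne 0) { throw "keytool import into $KeyStore failed" }

# Confirm the keystore entry is the served certificate by comparing SHA-256 fingerprints
# (keytool -list -v prints the fingerprint as colon-separated uppercase hex).
$sha256 = [System.Security.Cryptography.SHA256]::Create()
$servedFp = ($sha256.ComputeHash($served.RawData) | ForEach-Object { $_.ToString('X2') }) -join ':'
$ksLine = & keytool -list -v -keystore $KeyStore -alias $Alias | Select-String 'SHA256:' | Select-Object -First 1
if (-not $ksLine -or $ksLine.ToString() -notmatch [regex]::Escape($servedFp)) {
    throw "Keystore entry '$Alias' does not match the certificate served by $ExchHost"
}
Write-Host "Keystore entry '$Alias' matches the service certificate (SHA-256 $servedFp)"
```

      keytool prompts for the keystore password at both calls; pass -storepass if you run this unattended.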