5.1 Securing Communication with Azure AD Graph

To set up SSL between the driver and the Azure AD Graph REST endpoints, the driver keystore must trust the CA that issued the endpoint's certificate. Perform the following steps:

  1. Open the following URL from your browser:

    https://graph.windows.net/

  2. Obtain the public certificate and import it into the keystore.

    For example, if you are using Mozilla Firefox, perform the following steps:

    1. In the address bar, click the padlock icon and then click the arrow next to graph.windows.net.

    2. Select Certificate (Valid). The certificate is displayed.

    3. Click Certification Path. The Certification Path displays the certificate chain as a hierarchy, from the root CA at the top down to the graph.windows.net server certificate.

    4. Select the root certificate (the topmost parent certificate), and click View Certificate. The root certificate is displayed.

    5. To save the certificate to your system, click Details > Copy to File > Next > Next.

    6. Enter a filename for the certificate and save it to a location as required.

    7. Add the exported certificate to the driver keystore using the Java keytool command.

      You might have to create a new keystore (.jks file) if one does not exist already; keytool creates the file on the first import. This keystore file will contain the public certificate of the Azure AD Graph endpoint and the Exchange service certificate.

      keytool -import -file <path to the graph cert file>\<certname.crt> -keystore <mykeystore> -alias <aliasname>

      For example: keytool -import -file azuread.crt -keystore azuread.jks -alias azuread

      After the import, confirm that the certificate is present with keytool -list -keystore azuread.jks -alias azuread and compare the fingerprint it prints with the fingerprint shown in the browser's certificate details.

      NOTE:

      • Place the new keystore on the Identity Manager server. If the driver runs under the Remote Loader, place the keystore file on the system where the Azure AD driver is running.

      • Repeat the above steps for every certificate that the driver must trust (the Azure AD Graph root certificate and the Exchange service certificate), using a different alias for each one.
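The same procedure scripted, as an added example that is not part of the Identity Manager driver documentation. It assumes openssl and a JDK keytool on the PATH, and takes the hostname (graph.windows.net or the Exchange service host), keystore path and alias as parameters; STOREPASS is an assumed placeholder for the keystore password. Instead of clicking through the browser it pulls the chain the server presents with openssl s_client, lists the subject and issuer of each certificate so you can see where the chain ends, imports the chosen certificate with keytool, and then verifies the import by comparing SHA-256 fingerprints. Note that a server normally sends the leaf and the intermediates but not the root itself, so the last certificate in the listing is usually the top intermediate; if you want exactly the root CA as the steps above describe, take it from the browser's Certification Path or from the CA's site and pass that file to import_cert directly.

```shell
#!/bin/sh
# Added example, not the driver's own tooling. Assumes openssl and keytool on PATH.
STOREPASS="${STOREPASS:-changeit}"   # placeholder; set a real keystore password

# pem_cert_count BUNDLE: number of PEM certificates in a file
pem_cert_count() {
  grep -c '^-----BEGIN CERTIFICATE-----$' "$1"
}

# pem_extract_cert BUNDLE N: print the N-th (1-based) PEM certificate from a bundle
pem_extract_cert() {
  awk -v want="$2" '
    /^-----BEGIN CERTIFICATE-----$/ { n++ }
    n == want { print }
    /^-----END CERTIFICATE-----$/ && n == want { exit }
  ' "$1"
}

# fetch_chain HOST OUT: save the chain the server sends (leaf first) as PEM
fetch_chain() {
  host="$1"; out="$2"
  openssl s_client -connect "$host:443" -servername "$host" -showcerts </dev/null 2>/dev/null \
    | awk '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/' > "$out"
  [ "$(pem_cert_count "$out")" -gt 0 ]
}

# describe_chain BUNDLE: print subject and issuer of each certificate in order
describe_chain() {
  bundle="$1"; n=$(pem_cert_count "$bundle"); i=1
  while [ "$i" -le "$n" ]; do
    printf '[%d] ' "$i"
    pem_extract_cert "$bundle" "$i" | openssl x509 -noout -subject -issuer | tr '\n' ' '
    echo
    i=$((i + 1))
  done
}

# import_cert CERT KEYSTORE ALIAS: import into a JKS (created if missing) and
# verify that the stored entry has the same SHA-256 fingerprint as the file.
import_cert() {
  cert="$1"; keystore="$2"; alias="$3"
  keytool -importcert -noprompt -storetype JKS -file "$cert" \
    -keystore "$keystore" -storepass "$STOREPASS" -alias "$alias" || return 1
  expected=$(openssl x509 -in "$cert" -noout -fingerprint -sha256 | sed 's/^.*=//')
  stored=$(keytool -list -v -keystore "$keystore" -storepass "$STOREPASS" -alias "$alias" \
           | awk -F'SHA256: ' '/SHA256:/ { print $2; exit }')
  [ "$expected" = "$stored" ]
}

# main HOST KEYSTORE ALIAS [N]: fetch, list, import the N-th cert (default: last)
main() {
  host="$1"; keystore="$2"; alias="$3"; pick="${4:-last}"
  chain=$(mktemp)
  fetch_chain "$host" "$chain" || { echo "no certificates received from $host" >&2; return 1; }
  describe_chain "$chain"
  if [ "$pick" = last ]; then pick=$(pem_cert_count "$chain"); fi
  pem_extract_cert "$chain" "$pick" > "$chain.pick"
  import_cert "$chain.pick" "$keystore" "$alias" && echo "imported and verified alias $alias"
}

# Usage: ./import_ca.sh graph.windows.net azuread.jks azuread
if [ "$#" -ge 3 ]; then main "$@"; fi
```

Run it once per endpoint with a distinct alias, and copy the resulting .jks to the Identity Manager server or, for a Remote Loader deployment, to the host where the driver runs. The -storetype JKS flag matters on Java 9 and later, where keytool otherwise creates a PKCS12 file even when the name ends in .jks.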