Download the Integration Module for Sentinel (driver shim), sentinel_driver_install.exe, from the NetIQ download Web site.
Execute the sentinel_driver_install.exe file on the Windows system, which is either the Identity Manger server or the Remote Loader, depending on where you want to install the driver shim.
Follow the installer prompts.
Once the installation is complete, ensure that you import the certificate since the driver users TLS/SSL protocol to communicate with the server. The type of certificate depends on the Sentinel server configuration:
If your organization has not replaced the default Web server certificate, which is created when the Sentinel server is installed, you must obtain the self-signed certificate from the Sentinel server.
You can obtain this certificate either by using the supplied getcert utility or extracting it from the keystore file on the Sentinel server.
Using the getcert utility
Run the getcert utility on the system where you are running Identity Manager Designer. If the getcert.jar file is not located on the Identity Manager Designer system, you can either copy the getcert.jar file from the system on which you ran the Integration Module installer or install the getcert.jar file directly on the system using the Integration Module installer:
Windows: Locate the getcert.jar file in Windows Explorer and double-click the file.
Linux: Execute the /opt/novell/eDirectory/lib/dirxml/util/sentinel_rest/getcert.jar file by using the following command:
java -jar getcert.jar
Specify the address and port of the Sentinel server and click Get Certificate.
The certificate data is displayed.
Verify the certificate data and if the certificate is correct, click Yes.
Use this certificate data when prompted for the Sentinel TLS/SSL certificate while creating the driver.
For more information, see Step 4 in Creating the Driver.
Obtaining the certificate from the keystore file
Extract the Webserver certificate as the root user, from the following Java keystore file:
/etc/opt/novell/sentinel/config/.webserverkeystore.jks
The keystore password is password.
If your organization has replaced the Sentinel server default Web server certificate with a public key certificate signed by a certificate authority, such as Verisign or Entrust, you must obtain the appropriate trusted root certificate that corresponds to the certificate authority. You can obtain the trusted root certificate from your organization or the certificate authority your organization uses.