6.2 Configuring the Subscriber Channel

The Subscriber channel sends information from the Identity Vault to the Web service. To establish a secure connection for the Subscriber channel, you need a trust store containing a certificate issued by the certificate authority that signed the server’s certificate. See Configuring the Publisher Channel for an example.

  1. Make sure you have a server certificate signed by a certificate authority.

  2. Import the certificate into your trust store or create a new trust store by entering the following command at the command prompt:

    keytool -import -file name_of_cert_file -trustcacerts -noprompt -keystore filename -storepass password

    For example:

    keytool -import -file tree_ca_root.b64 -trustcacerts -noprompt -keystore dirxml.keystore -storepass novell

    For more information on keytool, see Keytool - Key and Certificate Management Tool.

  3. Configure the Subscriber channel to use the trust store you created in Step 2:

    1. In iManager, in the Roles and Tasks view, click Identity Manager > Identity Manager Overview.

    2. Locate the driver set containing the SOAP driver, then click the driver’s icon to display the Identity Manager Driver Overview page.

    3. On the Identity Manager Driver Overview page, click the driver’s icon again, then scroll to Subscriber Settings.

    4. In the Keystore File setting, specify the path to the trust store you created in Step 2.

  4. Click Apply, then click OK.
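
The trust store created in Step 2 can be checked before the driver relies on it. The following Java program is an added example, not part of the original documentation or the product: it lists each trusted certificate with its SHA-256 fingerprint (to compare against the value the certificate authority publishes) and flags entries outside their validity period. The class name TrustStoreCheck is hypothetical; run it as java TrustStoreCheck dirxml.keystore storepass, using the same file and password given to keytool.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;

// Added example (hypothetical class name): lists the trusted certificates in a
// trust store and flags entries outside their validity period.
public class TrustStoreCheck {
    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: java TrustStoreCheck <keystore-file> <storepass>");
            System.exit(2);
        }
        // keytool writes the JVM's default keystore type unless -storetype is given.
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream in = new FileInputStream(args[0])) {
            ks.load(in, args[1].toCharArray()); // throws if the file was altered or the password is wrong
        }
        int trusted = 0, problems = 0;
        Date now = new Date();
        for (String alias : Collections.list(ks.aliases())) {
            Certificate c = ks.getCertificate(alias);
            // Only trustedCertEntry items act as trust anchors; skip key entries.
            if (!ks.isCertificateEntry(alias) || !(c instanceof X509Certificate)) continue;
            X509Certificate cert = (X509Certificate) c;
            trusted++;
            StringBuilder fp = new StringBuilder();
            for (byte b : MessageDigest.getInstance("SHA-256").digest(cert.getEncoded())) {
                fp.append(String.format("%02X", b));
            }
            System.out.println(alias + ": " + cert.getSubjectX500Principal().getName());
            System.out.println("  SHA-256 " + fp + ", valid until " + cert.getNotAfter());
            if (now.before(cert.getNotBefore()) || now.after(cert.getNotAfter())) {
                System.out.println("  PROBLEM: outside its validity period");
                problems++;
            }
            // -1 means no CA basic constraint: a pinned server certificate or an old v1 root.
            if (cert.getBasicConstraints() < 0) System.out.println("  note: not marked as a CA certificate");
        }
        if (trusted == 0) {
            System.out.println("PROBLEM: no trusted certificate entries found");
            problems++;
        }
        System.exit(problems == 0 ? 0 : 1);
    }
}
```

The program exits with status 1 if the trust store holds no trusted certificate entries or if any entry is expired or not yet valid.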

NOTE: To use TLSv1 instead of SSLv3 in the HTTP client, change the JVM setting for the driver by using one of the following methods:

In Designer, right-click the driver set containing this driver. Click Properties > Java and set the JVM option to -Dhttps.protocols=TLSv1 in the window that opens. Click Apply, then click OK.

In iManager, navigate to the Edit Driver Set properties page, click the Misc tab, and set the JVM option to -Dhttps.protocols=TLSv1.

If the driver is using the Remote Loader, set the -javaparam option to DHOST_JVM_OPTIONS=-Dhttps.protocols=TLSv1 in the configuration file.

A driver with this setting always initiates connections using the TLSv1 protocol only and does not connect to servers that use the SSLv3 protocol.