7.4 Configuring an SSL Connection

Sentinel RD only allows an SSL connection to the ActiveMQ JMS message bus. This requires an SSL connection for the Sentinel driver and the Identity Vault Collector. Complete the following steps only if you are using Sentinel RD.

7.4.1 Generating the Keystore File

You must generate a keystore file that is used by the Sentinel driver and the Identity Vault Collector:

  1. Access the Sentinel_RD_installation_directory/config directory.

  2. Enter the following command to extract the trusted root certificate:

    ../jre64/bin/keytool -exportcert -alias broker -keystore .activemqclientkeystore.jks -storepass password -file broker.cert
    
  3. Enter the following commands to import the trusted root certificate into a new keystore file named jssecacerts:

    1. Enter the following:

      ../jre64/bin/keytool -importcert -alias broker -file broker.cert -keystore jssecacerts -storepass password
      
    2. Enter yes to trust the certificate.

  4. Remove the broker.cert file by entering rm broker.cert.

After you have generated the keystore file, it must be moved to the correct location. Proceed with Section 7.4.2, Moving the Keystore File.

7.4.2 Moving the Keystore File

After you have generated the keystore jssecacerts file, it must be moved to the JRE security directory in the Sentinel driver and the Identity Vault Collector. The Sentinel driver and the Identity Vault Collector each contain a JRE. You must establish an SSL connection for each JRE for Sentinel RD to work.

You have the option of installing the Sentinel driver and the Identity Vault Collector locally or remotely. The following contains the default installation directories for each option on Linux/UNIX:

Table 7-1 Location of the JRE Security Directories on Linux/UNIX

  Product: Sentinel Driver
    JRE Security Directory:
      Local Installation: /opt/novell/eDirectory/lib/nds-modules/jre/lib/security
      Remote Installation: /opt/novell/eDirectory/lib/nds-modules/jre/lib/security
      If you are using a 64-bit platform, the directory is lib64 instead of lib. On a 64-bit platform, you would use this directory:
      /opt/novell/eDirectory/lib64/nds-modules/jre/lib/security

  Product: Identity Vault Collector
    JRE Security Directory:
      Local Installation: /opt/novell/sentinel6_rd_x86-64/jre64/lib/security
      Remote Installation: /opt/novell/sentinel6_rd_x86-64/jre64/lib/security

After the jssecacerts file is in the proper location, you must restart Identity Manager, the Remote Loader, and Sentinel RD for the applications to use the certificate.

You therefore need to restart both Sentinel RD and eDirectory. Because the driver may start automatically, and because the Identity Vault Collector must be running before the driver starts, restart Sentinel RD before eDirectory.
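The following script is an added example, not part of this guide or the Sentinel RD product: it carries out steps 2 through 4 of Section 7.4.1 non-interactively, copies jssecacerts into the JRE security directories of Table 7-1, and then checks that the certificate in each copy has the same fingerprint as the broker certificate in the source keystore. It assumes it is run from the Sentinel RD config directory on a host that has both JREs, uses the alias broker and the password password exactly as the guide does, and replaces the interactive yes of step 3.2 with keytool's -noprompt switch; the function and variable names are the example's own.

```shell
#!/bin/sh
# Added example (not from the guide): automate Section 7.4.1 and verify that each
# JRE's jssecacerts really carries the broker certificate before restarting anything.
set -eu

KEYTOOL="${KEYTOOL:-../jre64/bin/keytool}"   # keytool of the Sentinel RD JRE, per the guide
STOREPASS="${STOREPASS:-password}"           # keystore password used in the guide

# Resolve a JRE security directory from Table 7-1: "$1" is driver|collector, "$2" is 32|64.
jre_security_dir() {
    case "$1:$2" in
        driver:32)   echo /opt/novell/eDirectory/lib/nds-modules/jre/lib/security ;;
        driver:64)   echo /opt/novell/eDirectory/lib64/nds-modules/jre/lib/security ;;
        collector:*) echo /opt/novell/sentinel6_rd_x86-64/jre64/lib/security ;;
        *) echo "unknown component/bitness: $1/$2" >&2; return 1 ;;
    esac
}

# Pull one fingerprint out of "keytool -list -v" output read from stdin. Labels differ
# between keytool versions, so prefer SHA256 and fall back to SHA1.
fingerprint_from_listing() {
    awk '/^[[:space:]]*SHA256:/ { sub(/^[[:space:]]*SHA256:[[:space:]]*/, ""); print; found = 1; exit }
         /^[[:space:]]*SHA1:/ && !sha1 { sub(/^[[:space:]]*SHA1:[[:space:]]*/, ""); sha1 = $0 }
         END { if (!found && sha1) print sha1 }'
}

# Fingerprint of alias "$2" inside keystore "$1".
fingerprint_of() {
    "$KEYTOOL" -list -v -keystore "$1" -storepass "$STOREPASS" -alias "$2" 2>/dev/null \
        | fingerprint_from_listing
}

# Steps 2-4 of 7.4.1: export the broker certificate, import it into a fresh jssecacerts, clean up.
build_jssecacerts() {
    rm -f jssecacerts
    "$KEYTOOL" -exportcert -alias broker -keystore .activemqclientkeystore.jks \
        -storepass "$STOREPASS" -file broker.cert
    "$KEYTOOL" -importcert -noprompt -alias broker -file broker.cert \
        -keystore jssecacerts -storepass "$STOREPASS"
    rm -f broker.cert
}

# Section 7.4.2: copy jssecacerts into one JRE and confirm it matches the source keystore.
install_and_verify() {
    dest="$(jre_security_dir "$1" "$2")/jssecacerts"
    cp jssecacerts "$dest"
    src_fp="$(fingerprint_of .activemqclientkeystore.jks broker)"
    dst_fp="$(fingerprint_of "$dest" broker)"
    [ -n "$src_fp" ] && [ "$src_fp" = "$dst_fp" ] \
        || { echo "fingerprint mismatch for $dest" >&2; return 1; }
    echo "verified $dest ($src_fp)"
}

# Usage: sh sentinel_ssl.sh run 64   (second argument: bitness of the eDirectory host)
if [ "${1:-}" = run ]; then
    build_jssecacerts
    install_and_verify driver "${2:-64}"
    install_and_verify collector 64
fi
```

Only after every install_and_verify call reports verified should Sentinel RD and then eDirectory be restarted, in the order the section above gives.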

7.4.3 Configuring the Remote Collector Manager Installation

If you are using the Remote Collector Manager, there are some additional steps that are required:

  1. Copy the config/activemqusers.properties file from your Sentinel RD server into the config directory in your remote installation.

  2. Change the localhost part of the Broker URL parameter for the Collector to the IP address of the Sentinel RD server.