Sentinel RD only allows an SSL connection to the ActiveMQ JMS message bus. This requires an SSL connection for the Sentinel driver and the Identity Vault Collector. Complete the following steps only if you are using Sentinel RD.
You must generate a keystore file that is used by the Sentinel driver and the Identity Vault Collector:
1. Access the Sentinel_RD_installation_directory/config directory.
2. Enter the following command to extract the trusted root certificate:
   ../jre64/bin/keytool -exportcert -alias broker -keystore .activemqclientkeystore.jks -storepass password -file broker.cert
3. Enter the following commands to import the trusted root certificate into a new keystore file named jssecacerts:
   a. Enter the following:
      ../jre64/bin/keytool -importcert -alias broker -file broker.cert -keystore jssecacerts -storepass password
   b. Enter yes to trust the certificate.
4. Remove the broker.cert file by entering rm broker.cert.
After you have generated the keystore file, it must be moved to the correct location. Proceed with Section 7.4.2, Moving the Keystore File.
After you have generated the jssecacerts keystore file, it must be moved to the JRE security directory in the Sentinel driver and the Identity Vault Collector. The Sentinel driver and the Identity Vault Collector each contain a JRE. You must establish an SSL connection for each JRE for Sentinel RD to work.
You have the option of installing the Sentinel driver and the Identity Vault Collector locally or remotely. The following table lists the default installation directories for each option on Linux/UNIX:
Table 7-1 Location of the JRE Security Directories on Linux/UNIX
After the jssecacerts file is in the proper location, you must restart Identity Manager, the Remote Loader, and Sentinel RD for the applications to use the certificate.
Restart Sentinel RD and eDirectory. Because the driver might start automatically, and the Identity Vault Collector must be running before the driver starts, restart Sentinel RD before eDirectory.
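Before restarting, it is worth confirming that every JRE security directory actually holds the right trust store. The following script is an added example, not part of the product documentation: it exports the broker certificate from .activemqclientkeystore.jks and from each copied jssecacerts file and compares them byte for byte. The KEYTOOL and STOREPASS variables, the function names, the script name, and the directories passed as arguments are assumptions; password is the placeholder used in the commands above.

```shell
#!/bin/sh
# Added example, not from the product documentation.
# Assumptions: KEYTOOL and STOREPASS variables, function names, directory arguments.
KEYTOOL="${KEYTOOL:-../jre64/bin/keytool}"   # path used in the steps above
STOREPASS="${STOREPASS:-password}"           # placeholder password from the steps above
ALIAS="broker"

# Export the certificate stored under $ALIAS in keystore $1 to file $2.
export_cert() {
    "$KEYTOOL" -exportcert -alias "$ALIAS" -keystore "$1" \
        -storepass "$STOREPASS" -file "$2" >/dev/null 2>&1
}

# check_truststores SOURCE_KEYSTORE SECURITY_DIR...
# Prints one status line per directory. Returns 0 only if every directory
# holds a jssecacerts whose broker certificate is byte-identical to the
# one in SOURCE_KEYSTORE, 1 if any copy fails, 2 if the source is unreadable.
check_truststores() {
    src="$1"; shift
    tmp=$(mktemp -d) || return 2
    rc=0
    if ! export_cert "$src" "$tmp/src.der"; then
        echo "ERROR    cannot export '$ALIAS' from $src"
        rm -rf "$tmp"; return 2
    fi
    for dir in "$@"; do
        ts="$dir/jssecacerts"
        rm -f "$tmp/copy.der"
        if [ ! -f "$ts" ]; then
            echo "MISSING  $ts"; rc=1          # file was never copied here
        elif ! export_cert "$ts" "$tmp/copy.der"; then
            echo "NOEXPORT $ts"; rc=1          # alias absent or wrong password
        elif ! cmp -s "$tmp/src.der" "$tmp/copy.der"; then
            echo "MISMATCH $ts"; rc=1          # stale or different certificate
        else
            echo "OK       $ts"
        fi
    done
    rm -rf "$tmp"
    return "$rc"
}

# Example call (hypothetical script name), run from the Sentinel RD config directory:
#   sh check_truststores.sh .activemqclientkeystore.jks <driver JRE security dir> <collector JRE security dir>
if [ "$#" -ge 2 ]; then
    check_truststores "$@"
fi
```

A MISMATCH or NOEXPORT result means that JRE would not trust the broker certificate currently in use, so copy the regenerated jssecacerts file again before restarting.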
If you are using the Remote Collector Manager, some additional steps are required:
Copy the config/activemqusers.properties file from your Sentinel RD server into the config directory in your remote installation.
Change the localhost part of the
parameter for the Collector to the IP address of the Sentinel RD server.