Configuring a directory server that has a load balancer or multiple domain controllers
BigFix Compliance supports authentication through a LDAP server. Learn how to configure the root certificate for the BigFix Compliance server.
Before you begin
About this task
If your LDAP server uses a load balancer or multiple domain controllers that dynamically change the list of hosts, and the connection between LDAP and the BigFix Compliance server is secure, perform advanced configuration of the BigFix Compliance server.
Procedure
Perform the following steps to configure the root certificate for the
BigFix Compliance
server:
-
Contact LDAP server administration and obtain a root certificate for LDAP,
which contains one or more certificates (full chain of trust). The following
example shows a root certificate:
-----BEGIN CERTIFICATE----- MIIHZjCCBk6gAwIBAgISKESJLWXAAAACTANBgkqhkiG9w0BAQUFADBNMRMwEQYK CRWmyVBwPWQBBUNdilPKJRQwpeYKCZImiZPyLGQBGRYEQ354jTEgGG7GA1UEAiU5 . . . MTAzMzQxWjBZMRMwEQYKCZImiZPJVGQBGRYDbmV0MRkwFwYKCZImiZPyLGQBGRYJ bnNyb290ZGV2MScwJQYDVQQDEx5DaXRXAEludGVybmFsIERldmljZSBDQSAwMyBM -----END CERTIFICATE-----
Note: Ensure that root certificate file is in PEM format. - Copy the root certificate file to the following directory: C:\Program Files\BigFix Enterprise\SCA\jre\lib.
-
Using command prompt, run the following command:
C:\Program Files\BigFix Enterprise\SCA\jre\bin\keytool -import -trustcacerts -file <certificate_file_name> -alias certAliasName -keystore cacerts -storepass <password>
Where <password> is provided by the BigFix Support.
- Restart BigFix Compliance.