
Identity Manager 9.2 - Password Capture Agent Administration Guide


Specifying a custom certificate for encrypting password synchronization traffic

By default, the password synchronization traffic between the Password Capture Agent and the web service is secured by transport layer security only. Therefore, it is strongly recommended that you specify a custom certificate.

IMPORTANT: You need a certificate file including the private key to encrypt password synchronization traffic.


Step 1: Import certificate into certificates store

In this step, import the certificate to the Personal\Certificates machine certificate store by using the Certificates snap-in. You must complete this step on each domain controller running the Password Capture Agent and on each computer running the web service that will participate in password synchronization.

To import the certificate

  1. Open the Certificates - Local Computer snap-in.

  2. In the console tree, click Personal | Certificates.

  3. On the Action menu, point to All Tasks and click Import.

  4. Use the wizard.

    1. On the File to Import page, in File name, enter the file name containing the certificate to be imported, or click Browse to locate and select the file. When finished, click Next.

    2. On the Password page, enter the password used to encrypt the private key, and click Next.

    3. On the Certificate Store page, ensure that Place all certificates in the following store is selected and that Certificate store displays Personal. Then click Next.

    4. On the Completion page, review the specified settings and click Finish.

To add read permissions to the certificate for the web service

  1. Open the Certificates - Local Computer snap-in.

  2. In the console tree, click Personal | Certificates.

  3. Select your imported certificate from the list.

  4. On the Action menu, point to All Tasks and click Manage Private Keys.

  5. Add Read Permissions for the Network Service security principal and click OK.


Step 2: Copy certificate’s thumbprint

Copy the thumbprint of your custom certificate. (In the next step, you will need to provide the thumbprint to the Password Capture Agent.)

To copy the thumbprint of your custom certificate

  1. Open the Certificates - Local Computer snap-in.

  2. In the console tree, click Personal.

  3. Click Certificates.

  4. In the details pane, double-click the certificate.

  5. In the Certificate dialog, click Details, and scroll through the list of fields to select Thumbprint.

  6. Copy the hexadecimal value of the thumbprint to the clipboard.

NOTE: You will need the copied thumbprint value to configure the Password Capture Agent.


Step 3: Provide certificate’s thumbprint to the Password Capture Agent

This step assumes that the Windows PowerShell module for the Password Capture Agent is installed on your workstation and all other requirements are met.

To provide the thumbprint to the Password Capture Agent

  1. Sign in to the workstation where the Password Capture Agent Windows PowerShell module is installed, as a member of the Domain Admins group.

  2. Open an elevated command line.

  3. Run the following command to modify the configuration profile with the new thumbprint, replacing <COMPUTERNAME> and the sample thumbprint value with your own:

    REG ADD "\\<COMPUTERNAME>\HKLM\Software\One Identity\One Identity Manager\Password Capture Agent\Service" /v "CertificateThumbprint" /t REG_SZ /d "1800b62e8cf19d1c4bcdcd2b6e435c3c85e04188"

  4. Run the following commands to restart the Password Capture Agent service, replacing COMPUTERNAME with the name of the computer:

    sc \\COMPUTERNAME stop "Password Capture Agent"

    sc \\COMPUTERNAME start "Password Capture Agent"
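
A thumbprint pasted from the Certificate dialog often carries spaces or invisible characters, and a value that does not match a certificate with a private key in the machine store will not work. The following PowerShell check is an added example, not part of the product or its PowerShell module: it normalizes the pasted value, confirms the certificate from Step 1 is usable, and compares it with the registry value from Step 3. The function name `ConvertTo-CleanThumbprint` and the `$Pasted` parameter are hypothetical; the registry path and sample thumbprint are the ones shown in this guide.

```powershell
# Added example: run locally in an elevated PowerShell session on a domain controller
# or web service host. The default thumbprint is the sample value from this guide.
param(
    [string]$Pasted = '1800b62e8cf19d1c4bcdcd2b6e435c3c85e04188'
)

# Registry location and value name as given in Step 3 of this guide.
$regPath  = 'HKLM:\Software\One Identity\One Identity Manager\Password Capture Agent\Service'
$regValue = 'CertificateThumbprint'

function ConvertTo-CleanThumbprint {
    param([string]$Value)
    # Drop spaces and invisible characters picked up when copying from the dialog.
    ($Value -replace '[^0-9A-Fa-f]', '').ToLowerInvariant()
}

$thumb = ConvertTo-CleanThumbprint $Pasted
if ($thumb.Length -ne 40) {
    throw "Expected 40 hex digits (SHA-1 thumbprint), got $($thumb.Length)."
}

# Step 1 check: certificate is in the machine Personal store, with its private key.
$cert = Get-ChildItem -Path Cert:\LocalMachine\My |
    Where-Object { $_.Thumbprint -eq $thumb }   # -eq ignores case
if (-not $cert) { throw "No certificate with thumbprint $thumb in Cert:\LocalMachine\My." }
if (-not $cert.HasPrivateKey) { throw "Certificate $thumb has no private key on this machine." }
if ($cert.NotAfter -lt (Get-Date)) { throw "Certificate $thumb expired on $($cert.NotAfter)." }

# Step 3 check: compare with the configured value, if it exists on this machine.
$configured = (Get-ItemProperty -Path $regPath -Name $regValue -ErrorAction SilentlyContinue).$regValue
if ($null -eq $configured) {
    Write-Warning "$regValue is not set on this machine."
} elseif ((ConvertTo-CleanThumbprint $configured) -ne $thumb) {
    Write-Warning "Registry holds '$configured', which does not match $thumb."
}

# Summary of what was verified.
[pscustomobject]@{
    Thumbprint = $thumb
    Subject    = $cert.Subject
    NotAfter   = $cert.NotAfter
    Configured = $configured
}
```

This check does not verify the Network Service read permission on the private key from Step 1; confirm that separately with Manage Private Keys.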
