For certificates used by the One Identity Manager Password Capture Agent, the main requirement in a normal setup is that the Web Server certificate is available for validation in the Domain Controller's certificate store. The .NET methods are strict about certificate verification, so the certificate hostname must match the Web Server hostname exactly.
Furthermore, the environment (domain Group Policy Objects and/or IIS settings) could limit the following regarding certificates:
- Certificate signing algorithms
- Certificate hashing mechanisms
- Encryption protocols
- Key exchange algorithms
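
One way to check both points from the Domain Controller is the PowerShell diagnostic below. It is an added example, not part of the One Identity product or its documentation. It reports what .NET's own validation concludes about the Web Server certificate and which protocol and algorithms were negotiated. The function name, host name and port are assumptions.

```powershell
# Added diagnostic example; run on the Domain Controller where the agent is installed.
# 'webserver.example.com' and port 443 are placeholders, not values from the product.
function Test-WebServerCertificate {
    param([string]$HostName, [int]$Port = 443)
    $seen = @{ Errors = $null; ChainStatus = @(); Certificate = $null }
    # Record what .NET validation concluded. Returning $true only lets the
    # handshake finish so the negotiated parameters can be read; no data is sent.
    $callback = [System.Net.Security.RemoteCertificateValidationCallback]{
        param($source, $certificate, $chain, $sslPolicyErrors)
        $seen.Errors = $sslPolicyErrors
        $seen.ChainStatus = @($chain.ChainStatus | ForEach-Object { $_.Status })
        $seen.Certificate = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $certificate
        return $true
    }
    $tcp = New-Object System.Net.Sockets.TcpClient
    $ssl = $null
    try {
        $tcp.Connect($HostName, $Port)
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
        # The name passed here is the one compared with the certificate's names.
        $ssl.AuthenticateAsClient($HostName)
        $cert = $seen.Certificate
        [pscustomobject]@{
            RequestedName      = $HostName
            Subject            = $cert.Subject
            CertificateDnsName = $cert.GetNameInfo('DnsName', $false)
            NotAfter           = $cert.NotAfter
            SignatureAlgorithm = $cert.SignatureAlgorithm.FriendlyName
            PolicyErrors       = $seen.Errors   # None = chain and name both valid
            ChainStatus        = $seen.ChainStatus -join ', '
            Protocol           = $ssl.SslProtocol
            KeyExchange        = $ssl.KeyExchangeAlgorithm
            Hash               = $ssl.HashAlgorithm
            Cipher             = $ssl.CipherAlgorithm
        }
    }
    catch {
        # Connection failed, or no protocol/cipher suite was acceptable to both sides.
        Write-Error "TLS handshake with ${HostName}:$Port failed: $($_.Exception.Message)"
    }
    finally {
        if ($ssl) { $ssl.Dispose() }
        $tcp.Close()
    }
}

Test-WebServerCertificate -HostName 'webserver.example.com'
```

A `PolicyErrors` value of `RemoteCertificateNameMismatch` points to the hostname requirement, and `RemoteCertificateChainErrors` points to the certificate store on the Domain Controller.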