Chat now with support
Chat with Support

Quick Connect Sync Engine 5.5 - Administrator Guide

One Identity Quick Connect Overview Deploying One Identity Quick Connect Sync Engine Getting started Connections to external data systems Synchronizing identity data Mapping objects Automated password synchronization Synchronization history Scenarios of use Appendices

Step 2: Export custom certificate to a file

In this step, you export the issued certificate to a file. You will need the file to install the certificate on each domain controller running Capture Agent and on each computer running Quick Connect Service.

To export the certificate

  1. On the computer where you installed the certificate in step 1, open the Certificates - Local Computers snap-in.
  2. In the console tree, click the Personal/Certificates store.
  3. In the details pane, click the issued certificate you want to export.
  4. On the Action menu, point to All Tasks, and then click Export.
  5. Step through the wizard.
  6. On the Export Private Key page, select Yes, export the private key, and then click Next.

    This option is available only if the private key is marked as exportable and you have access to the private key.

  7. On the Export File Format page, do the following, and then click Next:
    • To include all certificates in the certification path, select the Include all certificates in the certification path if possible check box.
    • To enable strong protection, select the Enable strong protection (requires IE 5.0, NT 4.0 SP4 or above) check box.
  8. On the Password page, use the Password text box to type a password to encrypt the private key you are exporting. In Confirm password, type the same password again, and then click Next.
  9. On the File to Export page, use the File name text box to specify the PKCS #12 file to which you want to export the certificate along with the private key, and click Next.
  10. On the Completion page, revise the specified settings and click Finish to create the file and close the wizard.

Step 3: Import certificate into certificates store

In this step, you import the certificate to the Personal\Certificates certificate store by using the Certificates snap-in. You must complete this step on each domain controller running Capture Agent and on each computer running the Quick Connect Service that will participate in the password synchronization.

To import the certificate

  1. Open the Certificates - Local Computers snap-in.
  2. In the console tree, click the Personal\Certificates logical store.
  3. On the Action menu, point to All Tasks and then click Import.
  4. Step through the wizard.
  5. On the File to Import page, in File name, type the file name containing the certificate to be imported or click Browse and to locate and select the file. When finished, click Next.
  6. On the Password page, type the password used to encrypt the private key, and then click Next.
  7. On the Certificate Store page, ensure that the Place all certificates in the following store option is selected, and the Certificate store text box displays Personal, and then click Next.
  8. On the Completion page, revise the specified settings and click Finish to import the certificate and close the wizard.

Step 4: Copy certificate’s thumbprint

In this step, you copy the thumbprint of your custom certificate. In the next steps, you will need to provide the thumbprint to Capture Agent and Quick Connect Service.

To copy the thumbprint of your custom certificate

  1. Open the Certificates - Local Computer snap-in.
  2. In the console tree, click the Personal store to expand it.
  3. Click the Certificates store to expand it.
  4. In the details pane, double-click the certificate.
  5. In the Certificate dialog box, click the Details tab, and scroll through the list of fields to select Thumbprint.
  6. Copy the hexadecimal value of Thumbprint to Clipboard.

    You will need the copied thumbprint value to configure the Capture Agent and Quick Connect Service.

Step 5: Provide certificate’s thumbprint to Capture Agent

This step assumes that:

  • The same Group Policy object is linked to each OU holding the domain controllers on which the Capture Agent is installed. For more information on how to create and link a Group policy object, see the documentation for your version of Windows.
  • The CaptureAgentService.adm administrative template file is linked to that Group Policy object.

    For instructions on how to add an administrative template file to a Group Policy object, see Step 2: Add administrative template to Group Policy object

To provide the thumbprint to Capture Agent

  1. On any computer joined to the domain where Capture Agent is installed, open Group Policy Object Editor, and connect to the Group Policy object to which you added the Administrative Template in Step 2: Add administrative template to Group Policy object.
  2. In the Group Policy Object Editor console, expand the Group Policy object, and then expand the Computer Configuration node.
  3. Expand the Administrative Templates\Quick Connect node to select Quick Connect Capture Agent Service.
  4. In the details pane, double-click Set certificate.
  5. In the Certificate Properties dialog box, open the Set certificate properties tab, select the Enabled option, and then paste the certificate’s thumbprint (the one you copied in Step 4: Copy certificate’s thumbprint) in the Thumbprint text box. When finished, click OK.
  6. For the changes to take effect, refresh the Group Policy settings by running the following command at a command prompt: gpupdate /force
Related Documents