Sentinel RD only allows an SSL connection to the ActiveMQ JMS message bus. This requires an SSL connection for the Sentinel driver and the Identity Vault Collector. Complete the following steps only if you are using Sentinel RD.
You must generate a keystore file that is used by the Sentinel driver and the Identity Vault Collector:
1. Access the Sentinel_RD_installation_directory/config directory.
2. Enter the following command to extract the trusted root certificate:
   ../jre64/bin/keytool -exportcert -alias broker -keystore .activemqclientkeystore.jks -storepass password -file broker.cert
3. Enter the following commands to import the trusted root certificate into a new keystore file named jssecacerts:
   a. Enter the following:
      ../jre64/bin/keytool -importcert -alias broker -file broker.cert -keystore jssecacerts -storepass password
   b. Enter yes to trust the certificate.
   c. Remove the broker.cert file by entering rm broker.cert.
After you have generated the keystore file, it must be moved to the correct location. Proceed with Section 7.4.2, Moving the Keystore File.
After you have generated the jssecacerts keystore file, it must be moved to the JRE security directory in the Sentinel driver and the Identity Vault Collector. The Sentinel driver and the Identity Vault Collector each contain a JRE. You must establish an SSL connection for each JRE for Sentinel RD to work.
You have the option of installing the Sentinel driver and the Identity Vault Collector locally or remotely. The following contains the default installation directories for each option on Linux/UNIX:
Table 7-1 Location of the JRE Security Directories on Linux/UNIX
| Product | JRE Security Directory |
|---|---|
| Sentinel Driver | Local Installation: /opt/novell/eDirectory/lib/nds-modules/jre/lib/security<br>Remote Installation: /opt/novell/eDirectory/lib/nds-modules/jre/lib/security<br>If you are using a 64-bit platform, the directory is lib64 instead of lib. |
| Identity Vault Collector | Local Installation: /opt/novell/sentinel6_rd_x86-64/jre64/lib/security<br>Remote Installation: /opt/novell/sentinel6_rd_x86-64/jre64/lib/security |
After the jssecacerts file is in the proper location, you must restart Identity Manager, the Remote Loader, and Sentinel RD for the applications to use the certificate.
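The following script is an added example, not part of the product documentation. It copies jssecacerts into each JRE security directory only after confirming that its broker entry has the same fingerprint as the entry in the ActiveMQ client keystore, and it keeps a backup of any jssecacerts file already present. The function names and the KEYTOOL and STOREPASS variables are hypothetical, and the script assumes that keytool -list prints a "Certificate fingerprint" line.

```shell
#!/bin/sh
# Added example, not product code. KEYTOOL and STOREPASS default to the
# values used in the steps above; override them through the environment.
KEYTOOL=${KEYTOOL:-../jre64/bin/keytool}
STOREPASS=${STOREPASS:-password}

# Print the certificate fingerprint keytool reports for alias "broker".
# Assumes the "Certificate fingerprint (...): XX:YY" line of keytool -list.
broker_fingerprint() {
    "$KEYTOOL" -list -alias broker -keystore "$1" \
        -storepass "$STOREPASS" 2>/dev/null |
        sed -n 's/.*fingerprint[^:]*: *//p'
}

# deploy_truststore SOURCE_KEYSTORE JSSECACERTS SECURITY_DIR...
# Returns 0 only if every directory received an identical copy.
deploy_truststore() {
    src=$1; ts=$2; shift 2
    want=$(broker_fingerprint "$src")
    [ -n "$want" ] || { echo "no broker entry in $src" >&2; return 2; }
    # Refuse to install a truststore that holds a different certificate.
    if [ "$(broker_fingerprint "$ts")" != "$want" ]; then
        echo "broker fingerprint in $ts differs from $src" >&2
        return 2
    fi
    rc=0
    for dir in "$@"; do
        if [ ! -d "$dir" ]; then
            echo "MISSING $dir" >&2; rc=1; continue
        fi
        # Keep any truststore already present so it can be restored.
        if [ -f "$dir/jssecacerts" ]; then
            cp -p "$dir/jssecacerts" "$dir/jssecacerts.bak"
        fi
        if cp "$ts" "$dir/jssecacerts" && cmp -s "$ts" "$dir/jssecacerts"; then
            echo "OK $dir"
        else
            echo "FAILED $dir" >&2; rc=1
        fi
    done
    return $rc
}

# Example call with the local-installation directories from Table 7-1:
# deploy_truststore .activemqclientkeystore.jks jssecacerts \
#     /opt/novell/eDirectory/lib/nds-modules/jre/lib/security \
#     /opt/novell/sentinel6_rd_x86-64/jre64/lib/security
```

Run it from the Sentinel RD config directory before restarting the applications; a nonzero exit status means at least one JRE did not receive the truststore.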
If you are using the Remote Collector Manager, there are some additional steps that are required:
Copy the config/activemqusers.properties file from your Sentinel RD server into the config directory in your remote installation.
Change the localhost part of the
parameter for the Collector to the IP address of the Sentinel RD server.