IMPORTANT: In Identity Audit, all logging application certificates must be signed by the Secure Logging Server root certificate, and they must contain an Application Identifier.
The following AudCGen command generates a public certificate and private key for your logging application:
audcgen app [-cacert:filename] [-capkey:filename] [-appcert:filename] [-apppkey:filename] -name:application_identifier [-bits:RSA_key_size] [-sn:number] [-valid:number] [-f]
NOTE: This command generates logging application certificates by using either the internal Identity Audit CA or one signed by a third-party CA. Use the -cacert and -capkey parameters to specify the root certificate used by your Secure Logging Server.
The following sample command creates a logging application certificate for Identity Manager:
audcgen app -cacert:slscert.pem -capkey:slspkey.pem -appcert:IDMcert.pem -apppkey:IDMpkey.pem -name:DirXML -bits:512 -sn:123
For more information, see Section 6.2, The Identity Audit AudCGen Utility.
To enable the Identity Manager Instrumentation to use a custom certificate key pair, the path and filename for the certificate and private key files must be as follows:
Table 6-2 Identity Manager Certificate and Key Paths and Filenames

| Platform | Certificate Path and Filename | Private Key Path and Filename |
|---|---|---|
| Windows | \windows_directory\dxicert.pem | \windows_directory\dxipkey.pem |
| Linux and Solaris | /etc/dxicert.pem | /etc/dxipkey.pem |
NOTE: If you are using the pure Java remote loader (dirxml_jremote), the above locations work. However, if dirxml_jremote is running on a non-UNIX-like platform, you must add the following to the Java invocation line in the dirxml_jremote script:
-Dnovell.dirxml.remoteloader.audit_key_directory=<directory_name>
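
The certificate and key can be checked before they are copied to the locations in Table 6-2. The following is an added example, not part of AudCGen or the product documentation. It assumes the files are standard PEM and that the OpenSSL command-line tool is installed; `check_app_cert` is a hypothetical helper name, and the 2048-bit minimum is this example's default rather than a product requirement (the sample command's -bits:512 key would be flagged).

```shell
#!/bin/sh
# Added example (not product code). Pre-installation checks for a logging
# application certificate and its private key.
# Usage: check_app_cert CA_CERT APP_CERT APP_KEY [MIN_RSA_BITS]
#   e.g. check_app_cert slscert.pem IDMcert.pem IDMpkey.pem
check_app_cert() {
    ca=$1 cert=$2 key=$3 min_bits=${4:-2048} rc=0

    # 1. The certificate must be signed by the Secure Logging Server root.
    if ! openssl verify -CAfile "$ca" "$cert" 2>/dev/null | grep -q ': OK$'; then
        echo "FAIL: $cert does not verify against $ca" >&2; rc=1
    fi

    # 2. The private key must belong to the certificate (same public key).
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $key does not match $cert" >&2; rc=1
    fi

    # 3. The key must meet the minimum size (assumed default: 2048 bits).
    bits=$(openssl x509 -in "$cert" -noout -text 2>/dev/null |
           sed -n 's/.*Public[- ]Key: (\([0-9][0-9]*\) bit.*/\1/p' | head -n 1)
    if [ -z "$bits" ] || [ "$bits" -lt "$min_bits" ]; then
        echo "FAIL: key size '${bits:-unknown}' is below $min_bits bits" >&2; rc=1
    fi

    # 4. The private key file must not be accessible to group or other.
    case $(ls -ldL "$key" 2>/dev/null) in
        -???------*) ;;
        *) echo "FAIL: $key is missing or accessible to group/other" >&2; rc=1 ;;
    esac

    return $rc
}
```

The function returns 0 only when all four checks pass, so it can gate the copy to /etc/dxicert.pem and /etc/dxipkey.pem.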