Using an External Certificate Authority (CA)

If you are using an external certificate authority, you only have to connect to the VA from the source to import the certificate.

Prerequisites

The ability to use TLS 1.0 to 1.2
You have created at least one virtual appliance cluster
CA root and intermediate certificates are in the Java CA certificates keystore
The certificate is on the source

Perform the following:

In the source, ensure that the following are true:
- The hostname for the source matches the hostname in the virtual appliance's configuration.
- The source is connected to the virtual appliance you configured to use TLS.
  
  Note
  If using Active Directory with IQService enabled, the Hostname cannot be an IP Address.
Change the Port to 636.
If available, enable the Use TLS option.
Test the connection.

The source's certificate is auto-imported to the VA.

Replace an Expired Certificate Issued by an External CA

When your certificate has expired, you can replace it on the source and then reboot your VA.

Prerequisites

Complete the process as described in Adding the Certificate to the Virtual Appliance.

Perform the following:

Add the new certificate on the source with a new name.
Restart the Connector Gateway using the following commands:

sudo systemctl restart ccg

The source's certificate is auto-imported to the VA.

Feedback is provided as an informational resource only and does not form part of SailPoint's official product documentation. SailPoint does not warrant or make any guarantees about the feedback (including without limitation as to its accuracy, relevance, or reliability). All feedback is subject to the terms set forth at https://developer.sailpoint.com/discuss/tos.


	You are here:

Using an External Certificate Authority (CA)

Replace an Expired Certificate Issued by an External CA

Documentation Feedback