RHEL 6.3 IDM and Windows 2003 AD integration issue

Latest response

Following the docs, section 8.4 managing Synchronization Agreements, of the Identity Management Guide, I am having an issue importing the self-signed cert from my IDM server into AD. Using either commandline or the GUI tools in Windows the result is the same:

 

1. Commandline using certutil - "-installCert command FAILED: The group or resource is not in the correct state to perform the requested operation."

 

2. GUI tool - I can easily import the cert I got off http://idmserver/ipa/config/ca.crt but when I look at it it shows under the General tab a red X over the cert icon and it says "The integrity of this certificate cannot be guaranteed. The certificate may be corrupted or may have been altered."

 

Under the Certification Path tab is says "Certificate status: This certificate has an nonvalid digital signature."

 

Does anyone know why Windows 2003 doesn't like RHEL 6.3 IDM self-signed certs?

Responses

Hi Graham

 

From the error that you are reporting,  Can you check the below.

 

 

There is a bug in Windows 2003 where if certificates have been signed with SHA2 algorithms they are not accepted. Apply the hotfix mentioned in the below url.

http://support.microsoft.com/kb/938397

Thank you, Mallapadi, that has indeed solved the problem. For any one else that comes across this issue, if you get an error "missing hip object" with Internet Exploder while trying to grab this hotfix then switch to Firefox or Chrome. Its an IE problem.

Good to know, Graham. Thanks for sharing that.