Hello everyone, I’m trying to set up an AD source to be able to communicate with my IQService with TLS enabled between the VA and IQService. I imported the right certificate chain, from IQService to the VA, following the guide. I ran the IQService on the right TLS port and I registered the service account associated with the IQService. When I’m trying to test the connection from Sailpoint I’m having this error:
There’s a lot of things that can cause this. Backing up a bit: did you confirm non-TLS works as expected (i.e. confirming that switching from non-TLS → TLS is where things break)?
Are you using a standard service account or a gMSA account? These configurations require different settings.
Hi,
Please check these few things:
Is your VA able to connect to the configured TLS port of AD and IQ?
For AD, the port will generally be 636 or 389.
Command: nc -zv -w 5 {IP of the IQ} {Port configured}
Did you import the root cert and machine cert into the VA in .pem format for your domain controller and IQ server?
Is the connection to the IQ server through a load balancer?
Do you have the FQDN/IP of your domain controller and IQ server in the subject name of the certs uploaded?
Do you have certs with the private key installed under Personal > Certificates on your IQ server?
Did you restart the ccg with sudo systemctl restart ccg after uploading the certificates to the VA? Did you see the certificates imported after restarting the ccg?
How did you get your domain controller certificates into the VA?
Once you answer these, maybe some suggestions can be made.
Thanks!!!