Virtual appliance certificates

Hi Experts,

Can someone please help me with VA certificate update/renew commands and the process? I have limited knowledge about Linux machines.

Thank you!

Hi Sanjay,

Not sure what you are looking for, but in this document you’ll find some tips to troubleshoot VAs: Virtual Appliance Troubleshooting Guide - Compass

Search for “certificate” in the document (CTRL-F in any browser) and you’ll see some troubleshooting tips that may help.

Regards,

Elisa.

Hi

Are you looking for SSL certificates which we import into VA for the target applications?

If yes, upload your certificate to the path home/sailpoint/certificates.

You can use the WinSCP tool instead of PuTTY to connect to the VA and upload certificates directly to the target path without commands.

Thanks,
Siva.K

Thank you @eabedrapo1. I am looking for SSL certificates to be imported on the VA for an AD-based application.

Correct, SSL for AD-based applications.
We don’t have WinSCP installed, so I am searching for commands if anyone can help.
Thank you @Sivakrishna1993

Hi Sanjay,

We copy the certificate from the IQService server (Windows) using SCP from the command line (CMD or PowerShell).

Some references about the command here: Use SCP to copy files (Windows) - SoC Docs (dcu.ie)

I hope that helps!

Elisa.

Hi Sanjay,

You need to add the root CA cert in ‘/home/sailpoint/certificates’ directory of all VAs in the cluster.

To do this you can either use commands or WinSCP if you prefer to use a UI.

The command is: cp TLScert.cer ./certificates

Replace “TLScert” with the name of your certificate.

Restart the CCG service using the command: sudo systemctl restart ccg

Best Wishes

Ryan

Hi @SKYadav
Good Day!

Kindly follow the steps below for importing the certificate from a target system such as AD and IQService.

  1. Please input the below command to check whether the target system has a TLS certificate installed or not.
    openssl s_client -connect <ip/fqdn of machine>:<TLS port>
    for example openssl s_client -connect 192.54.35.32:636
  2. Check the certificate details in the command response.
  3. After validation, copy the certificate from begin certificate to end certificate.
  4. Save the certificate in .cer format.
  5. Open WinSCP (paste the certificate in the /home/sailpoint/certificates directory) or directly create the file in the VA and paste the copied certificate.
  6. After placing the certificate in the above-mentioned directory, restart the ccg by using the below command.
    sudo systemctl restart ccg
  7. Test the connection for your source.

Hope the above information will help you. :blush:
Thank you!
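
The copy-and-paste in steps 1 to 4 of the post above can be scripted. This is an added example, not part of the original post and not SailPoint's own tooling: the function names, the `dc01` prefix and the sample output are assumptions constructed for illustration.

```shell
# extract_certs OUTDIR PREFIX
# Reads `openssl s_client -showcerts` output on stdin and writes each PEM block to
# OUTDIR/PREFIX-N.cer (N=1 is the server's own certificate, later ones are the
# CA certificates the server sent). Prints the number of files written.
extract_certs() {
    mkdir -p "$1" || return 1
    awk -v dir="$1" -v pre="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; file = dir "/" pre "-" n ".cer"; inside = 1 }
        inside                        { print > file }
        /-----END CERTIFICATE-----/   { if (inside) close(file); inside = 0 }
        END                           { print n + 0 }
    '
}

# fetch_chain HOST PORT OUTDIR PREFIX (needs network access to the target; not called here)
fetch_chain() {
    openssl s_client -connect "$1:$2" -showcerts </dev/null 2>/dev/null \
        | extract_certs "$3" "$4"
}

# describe_cert FILE: subject, issuer, expiry date and SHA-256 fingerprint of a saved file
describe_cert() {
    openssl x509 -in "$1" -noout -subject -issuer -enddate -fingerprint -sha256
}

# Constructed sample of s_client output; the base64 bodies are placeholders, not real certificates.
SAMPLE_OUTPUT='CONNECTED(00000003)
---
Certificate chain
 0 s:CN = dc01.example.test
   i:CN = Example Test Issuing CA
-----BEGIN CERTIFICATE-----
PLACEHOLDERLEAFBODY0000
-----END CERTIFICATE-----
 1 s:CN = Example Test Issuing CA
   i:CN = Example Test Root CA
-----BEGIN CERTIFICATE-----
PLACEHOLDERCABODY000000
-----END CERTIFICATE-----
---
Server certificate
subject=CN = dc01.example.test
'

# Offline demonstration on the constructed sample
demo_dir=$(mktemp -d)
count=$(printf '%s' "$SAMPLE_OUTPUT" | extract_certs "$demo_dir" dc01)
echo "wrote $count certificate file(s) to $demo_dir"
```

Against a real target, run `fetch_chain` with the host and port from step 1, then `describe_cert` on each file and compare the subject, issuer and fingerprint with what the AD or PKI administrator reports before copying a file into /home/sailpoint/certificates.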

Hello Suraj,

Is home/sailpoint/certificates located within Tomcat? I am not able to locate the certificates folder in SAILPOINT_HOME.

Hi Shiva

It is in the VA.

@suraj_gorle Hello Suraj, I am debugging a webservice connector failure and I am not sure about the VA, whether there is any cluster etc., or how the VAs are configured in SP.

How can we know the VA for a specific application, and is it something SailPoint maintains?

Thanks

Hi @shivakarasani199
Please check the base configuration of the web service connector; there you are able to see the cluster.
Then go to Connections > Virtual Appliances; here you are able to see details about the cluster and how many VAs it is currently using.
Then open the VAs (depends on how many are there in that cluster) and open ccg.log for debugging purposes by using the below command.
tail -f /home/sailpoint/log/ccg.log
Hope the above information helps you :blush:.
Thank you.
