Access Manager: Self Sign Certificate With Active Directory Certificate Services


Access Manager supports the importing of signed certificates. Following the instructions below:

Generating a CSR

  1. Log into Access Manager with the admin account and access Configuration > SSL.
  2. Select Generate Key and Certificate and complete all details on the page. Select Finish once all details are complete.
  3. On Configuration > SSL select Download CSR. The CSR will be downloaded in .pem format.
  4. Transfer the CSR file to your Active Directory server.

Signing the CSR

  1. From the Active Directory server run,
    certreq -submit -attrib "CertificateTemplate:WebServer" CertificateFile
    Replacing CertificateFile with your CSR pem file saved in the earlier step.
  2. It will ask you to select the CA to use.
  3. At the end of certreq, you will be asked to save the certificate. Choose a location and save.
  4. In addition Export the root certificate of the Certificate Authority, you can download this from the new certificate. Open the certificate details and go to Details and select Copy to File, exporting the certificate with DER encoding.

Importing the signed Certificate

  1. From Configuration > SSL again, select Trusted CA CErtificate and upload the root certificate that was just exported.
  2. Now select Certificate signed by a Certification Authority in the Upload Keys and Certificates section.
  3. In Certificate File, chose the signed certificate file generated in the previous steps.
  4. Leave the other fields as default.
  5. Select Upload.
  6. Access Manager will prompt for a service restart for the certificate to be updated.