To enable communication between the adapter and the Azure Active Directory domain, you must configure keystores
for the Dispatcher.
About this task
For more information about SSL configuration, see the Dispatcher
Installation and Configuration Guide.
Procedure
- Open a browser.
-
Go to https://accounts.accesscontrol.windows.net
Note: The Internet Explorer browser might return a
HTTP 400 Bad Request message.
You might be unable to view the SSL lock button. To correct this issue:
- On the browser, go to Tools > Internet Options and click the
Advanced tab.
- In the Settings panel, locate the Show friendly HTTP error
messages option under Browsing.
- Disable the Show friendly HTTP error messages option.
- Click Apply and then click OK to close the panel.
- Click the Refresh button to reload the link and display the SSL
lock.
- View the certificate.
- Click SSL lock.
- If your browser reports that revocation information is not
available, click View Certificate.
- Click Certification Path
- Select the MSIT Machine Auth CA 2 certificate.
- Export the certificate into a file that is encoded in the
Base64 format.
- If the Dispatcher already has a configured keystore, use
the iKeyman Utility to import the MSIT Machine Auth CA
2 certificate. Complete the following steps:
- Navigate to the ITDI_HOME/jvm/jre/bin directory.
- Start the ikeyman.exe file.
- From the Key Database File menu,
select Open.
- For the key database type, select JKS.
- Type the keystore file name: testadmin.jks.
- Type the location: ITDI_HOME/timsol/serverapi.
- Enter the password when prompted. The default password
is administrator.
- Click Signer Certificates in
the dropdown menu and click Add.
- Use Browse to select the downloaded
or exported MSIT Machine Auth CA 2 certificate.
- Click OK to continue. The certificate
is added in the certificate store.
- Restart the Dispatcher service and browser.
For information about SSL configuration, see the Dispatcher
Installation and Configuration Guide.