Saviynt Forums

avinash_16 · ‎07/30/2023

So currently I was able to establish the 389 AD port connection and now I want to make a 636 SSL connection with the AD instance. I was able to install the certificate authority feature in our AD and I created a self-signed certificate for the domain as the certificate authority and established another certificate for client server and authentication. I was able to test and see a whether I would be able to establish the 636-port connection within the AD instance and it was successful.

But when it comes to a third-party client like Saviynt, the certificate must be published by a trusted third-party certificate authority (like DigiCert, GoDaddy etc.) in order for Saviynt to trust the host which it is trying to connect to. But here I want Saviynt to establish a connection with a private AD instance which is self-signed.

So, is there any way for Saviynt to establish a 636-port connection with AD which is an untrusted self-signed application, or the certificate must be signed by a trusted third-party certificate authority? Can you please provide a proper idea about this?

Thank You.
Avinash

sudeshjaiswal · ‎07/31/2023

Hello @avinash_16,

You can generate your certificate, or you can use the same certificate which generate by you.

You can manually install the root certificate (the self-signed CA certificate you created) on the machine running Saviynt. This approach requires configuring Saviynt to trust the specific certificate you generated for your AD instance. This will make Saviynt trust the self-signed certificate for the domain.

Instead of self-signing the certificate, you can also obtain an SSL certificate from a trusted third-party certificate authority like DigiCert, GoDaddy, or others. This certificate will automatically be trusted by most third-party clients like Saviynt since it's issued by a recognized and trusted CA.

Note:-
Remember, using self-signed certificates can introduce security risks, as it opens up the possibility of other security vulnerabilities. If possible, it's best to use certificates from a recognized and trusted third-party CA to ensure the highest level of security and compatibility with various applications and services.

avinash_16 · ‎07/31/2023

Thank you for the reply. I did check the documentation but there is no proper guideline on how to install a self-signed root certificate in Saviynt. Can you provide any guidelines for how to install the certificate in the root CA?

Thanks.

dgandhi · ‎07/31/2023

Have you checked attached document?

https://docs.saviyntcloud.com/bundle/EIC-Admin-v23x/page/Content/Chapter07-General-Administrator/Cer...

Thanks,
Devang Gandhi
If this reply answered your question, please click the Accept As Solution button to help future users who may have a similar problem.

avinash_16 · ‎07/31/2023

Yes. I did go through the documentation mentioned above. The problem/ issue is that when I uploaded the certificate (I tried with both the Root CA Certificate and the Client AuthN certificate) both failed to establish the SSL connection with Saviynt. Is there any way we could do this without a certificate from certified 3rd party authority?

Thanks.

rushikeshvartak · ‎07/31/2023

Use Add Certificate button in connection.

https://docs.saviyntcloud.com/bundle/EIC-Admin-v23x/page/Content/Chapter02-Identity-Repository/Creat...

Regards,
Rushikesh Vartak

avinash_16 · ‎07/31/2023

Thank you for the reply. Can you please tell me whether we could upload the self-signed certificate here so saviynt would automatically accept it as a ROOT CA so that I can upload my client authN certificate?
Thanks.

rushikeshvartak · ‎07/31/2023

You can upload certificate and restart server

Regards,
Rushikesh Vartak

Saviynt Forums

AD SSL Connection