Forefront Identity Management – Certificate Management (FIM CM 2010) – Part 4

FIM CM and CA integration

It is very important to understand the integration between the FIM CM and the CA server. The FIM CM installation files will add two modules in the CA server (Policy module and Exist module):

  • In the CA FIM Policy module: you configure the thumbprint of the FIM Agent Certificate. This will ensure that communication with the CA server is authenticated and encrypted.
  • In the CA FIM Exist module: you configure the FIM CM database SQL connection string. This will allow the CA to write to the FIM CM database.

Note: In order for the CA to access and the FIM CM SQL database, you have to create logon for the computer account of your CA server with (public and clmapp) rights on the FM CM database.

In simple words, the FIM Agent certificate is used to protect traffic between the CA and the FIM CM server, and the FIM KRA certificate is used to encrypt archived keys in the CA database.

FIM_CIM_CA_Integration_3322

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s