FIM CM and CA integration
It is very important to understand the integration between the FIM CM and the CA server. The FIM CM installation files will add two modules in the CA server (Policy module and Exist module):
- In the CA FIM Policy module: you configure the thumbprint of the FIM Agent Certificate. This will ensure that communication with the CA server is authenticated and encrypted.
- In the CA FIM Exist module: you configure the FIM CM database SQL connection string. This will allow the CA to write to the FIM CM database.
Note: In order for the CA to access and the FIM CM SQL database, you have to create logon for the computer account of your CA server with (public and clmapp) rights on the FM CM database.
In simple words, the FIM Agent certificate is used to protect traffic between the CA and the FIM CM server, and the FIM KRA certificate is used to encrypt archived keys in the CA database.