Device Adapter TLS Configuration
Connections to the IdAM Device Adapter REST API can be made through:
- HTTP on port 80
- HTTPS on port 443
By selecting to connect via HTTPS, the IdAM factory default settings will include a self-signed certificate.
If the existing SSL key in the Device Adapter is manually deleted, the IdAM Device Adapter re-generates a new key-pair and a self-signed certificate.
To replace the generated self-signed certificate setup with your own TLS certificates generated by your trusted CA, follow the Update Device Adapter TLS Certificate steps below.
The following is required before you get started.
Acquire the SSL private key file in PEM format, then remove any passphrase and name it
Acquire the corresponding certificate in PEM format and name it
If your setup requires an external CA certificate, use that file in PEM format and name it
If your setup is using a self-signed certificate, copy and/or duplicate the
server.pemand use it as
- Ensure that your workstation has direct access to the Sequence Controller network.
Ensure to use the defined filenames since the auto-creation of a self-signed certificate requires these exact names.
Update Device Adapter TLS Certificate
To replace the generated self-signed certificate with your own certificates generated by your trusted CA, update the Device Adapter certificate by uploading your file(s) via the Sequence Controller.
Copy the file(s) to the Sequence Controller by uploading your files
(server.key, server.pem, ca.pem)via the Secure copy protocol (SCP) to the Sequence Controller directory
/tmp. The default credentials are:
- Enable SSH access to the Sequence Controller using the default IP address
192.168.5.92and credentials above, and run the command
sudo suto get elevated root privileges:
sudo su -CODE
- Copy the files from the Sequence Controller to the Device Adapter Machine (IP address
100.127.255.2), via IdAM's internal network.
scp -i /root/.ssh/id_* /tmp/server.key /tmp/server.pem /tmp/ca.pem 100.127.255.2:/etc/httpd/sslPOWERSHELL
- SSH to the Device Adapter. For example:
ssh -i /root/.ssh/id_* firstname.lastname@example.org # after successful login in the prompt should look like: root@DeviceAdapter/100.127.255.2 [~]#_POWERSHELL
- Change the access rights and ownership.
chmod 600 /etc/httpd/ssl/* chown root: /etc/httpd/ssl/POWERSHELL
- Restart the Apache daemon.
systemctl restart httpdTEXT
- To test the connection in the Device Adapter network to verify the new certificates, see Test TLS connection to Device Adapter.
- Run the following to make the new configuration persistent:
The change of the Device Adapter TLS certificate is now complete.