Auto Enroll Proxy Installation

From 389 Directory Server

Download AEP

Download pre-built binaries of AEP here: [1].

Installation/Configuration

Follow these steps to perform the auto enrollment proxy installation and configuration.

  1. Add Agent Cert:
    1. Export the CA agent certificate into a PKCS#12 file and copy it to this Windows machine.
    2. Run MMC.
    3. Open Certificates - Personal.
    4. Open Certificates.
    5. Right-click and select Import to import the CA agent certificate.
  2. Next, add the CA's certificate into your domain's group policy:
    1. Use IE to connect to the CA's agent page. No errors or warnings should be displayed. If any appear, make sure they don't appear the next time.
    2. Go to the CA's End-entity port, Retrieval, Import CA Certificate Chain, and download the CA Certificate Chain in binary form. Save it to your desktop with the name 'cacert.cer'.
    3. Run MMC.
    4. Go to Active Directory Users and Computers. Right-click on '<DOMAIN>' in the left-hand panel/tree. Select Properties. Select the Group Policy tab, select Default Domain Policy, and press Edit.
    5. Open Computer Configuration->Windows Settings->Security Settings->Public Key Policies->Trusted Root Certification Authorities. Right-click in the right panel and select 'Import...'. Open the 'cacert.cer' file you saved earlier.
  3. AEP Installation:
    1. Download the AEP executable.
    2. Double-click to install it.
  4. AEP Configuration:
    1. Configure the CA cert.
    2. Populate AD.
    3. Configure the CA information (host / port).
    4. Configure the logging level.
    5. Apply.
  5. DCOM Configuration:
    1. Open MMC and go to Component Services.
    2. Go to Computers -> My Computer -> DCOM Config -> Red Hat Auto enrollment Proxy.
    3. Right-click and select Properties.
    4. Security
      1. Launch and Activation - Customize - make sure administrator is selected.
      2. Access - Customize it and make sure administrator is selected.
    5. Identity
      1. Enter the administrator user name and password.
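
Step 2 makes 'cacert.cer' a trust anchor for every machine in the domain, so it is worth confirming that the file holds the CA you expect before importing it. The PowerShell script below is an added example, not part of the original page or of AEP; the default path and the fingerprint parameter (a value obtained out of band from the CA administrator) are assumptions.

```powershell
# Added example (not part of the AEP distribution). Run it before step 2.5.
# Assumptions: -Path points at the file saved in step 2.2; -ExpectedSha256 is the
# root CA fingerprint obtained out of band from the CA administrator.
param(
    [string]$Path = (Join-Path $env:USERPROFILE 'Desktop\cacert.cer'),
    [Parameter(Mandatory = $true)][string]$ExpectedSha256
)

function Get-Sha256Fingerprint($Cert) {
    # SHA-256 over the DER encoding, as upper-case hex without separators.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    try { $hash = $sha.ComputeHash($Cert.RawData) } finally { $sha.Dispose() }
    return ([System.BitConverter]::ToString($hash) -replace '-', '')
}

function Test-IsCa($Cert) {
    # True only when a Basic Constraints extension marks the certificate as a CA.
    foreach ($ext in $Cert.Extensions) {
        if ($ext -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension]) {
            return $ext.CertificateAuthority
        }
    }
    return $false
}

# Import() accepts a single certificate or a PKCS#7 chain.
$certs = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
$certs.Import((Resolve-Path -LiteralPath $Path).ProviderPath)

$expected = ($ExpectedSha256 -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
$rootMatched = $false
foreach ($cert in $certs) {
    $fp = Get-Sha256Fingerprint $cert
    # Name comparison only; this does not verify the signature.
    $selfIssued = $cert.Subject -eq $cert.Issuer
    [pscustomobject]@{
        Subject    = $cert.Subject
        NotAfter   = $cert.NotAfter
        IsCA       = Test-IsCa $cert
        SelfIssued = $selfIssued
        Sha256     = $fp
    }
    if ($selfIssued -and $fp -eq $expected) { $rootMatched = $true }
}
if (-not $rootMatched) {
    Write-Error 'No self-issued certificate in the file matches the expected fingerprint; do not import it.'
    exit 1
}
Write-Output 'Root fingerprint matches; the file can be imported into the Default Domain Policy.'
```

Review the IsCA and NotAfter columns as well: a file containing an expired certificate or one without the CA flag should not be distributed as a trusted root.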
