To prepare and upload an SSL certificate to Active Directory, perform the following actions for each server with the Central Node component:
ldap://CN=<Active Directory Site containing the computer with the Endpoint Sensors component>,CN=Sites,<configurationPartition>
ldap://CN=Services, <Active Directory configuration partition>
It is recommended to publish the certificate in the "Sites" container if a separate Central Node component is deployed for any Active Directory Site.
If an IP address was specified as the address during installation, the attribute must contain the same IP address. If the server FQDN was specified as the address, the attribute must contain the same server FQDN.
The Endpoint Sensors component searches for the serviceConnectionPoint object sequentially, first in the Sites container and then in the Services container. It uses the first object found whose keywords attribute contains a unique ID and whose serviceDnsName attribute matches the Central Node server address that was defined during installation of the Endpoint Sensors component.
If the same Active Directory container contains two or more serviceConnectionPoint objects whose keywords attributes contain a unique ID and whose serviceDNSName values match, the Endpoint Sensors component will have limited functionality.
If the Endpoint Sensors component cannot decode the value of the serviceBindingInformation attribute into binary format, or if the attribute value is an empty string, the Endpoint Sensors component will have limited functionality.
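The lookup rules above can be modelled offline to check exported serviceConnectionPoint records before sensors are deployed. This is an added example, not code from the product or its documentation; the unique ID placeholder, the record layout, exact string matching of the address, and Base64 as the encoding of serviceBindingInformation are assumptions.

```python
import base64
import binascii

# Assumptions (not from the product documentation): the unique ID below is a
# placeholder, and serviceBindingInformation is treated as Base64 text.
UNIQUE_ID = "<unique-id-placeholder>"
SEARCH_ORDER = ("Sites", "Services")  # search order stated in the text above


def binding_is_decodable(value):
    """True if the attribute is a non-empty string that decodes to bytes."""
    if not value:
        return False
    try:
        return len(base64.b64decode(value, validate=True)) > 0
    except (binascii.Error, ValueError):
        return False


def check_scp(records, central_node_address):
    """Return (status, record) for the SCP a sensor would pick up.

    records: list of dicts with keys container, keywords,
    serviceDnsName, serviceBindingInformation (hypothetical export layout).
    """
    for container in SEARCH_ORDER:
        matches = [
            r for r in records
            if r["container"] == container
            and UNIQUE_ID in r["keywords"]
            and r["serviceDnsName"] == central_node_address
        ]
        if len(matches) > 1:
            return "limited: duplicate objects in " + container, None
        if matches:
            if not binding_is_decodable(matches[0]["serviceBindingInformation"]):
                return "limited: certificate value empty or undecodable", None
            return "ok", matches[0]
    return "not found", None


# Constructed sample records, not taken from a real directory.
SAMPLE = [
    {"container": "Services", "keywords": [UNIQUE_ID],
     "serviceDnsName": "cn1.example.test",
     "serviceBindingInformation": base64.b64encode(b"constructed-cert").decode()},
    {"container": "Sites", "keywords": [UNIQUE_ID],
     "serviceDnsName": "10.0.0.5", "serviceBindingInformation": ""},
]
```

Any status other than "ok" corresponds to a case in which the text above says the sensor will not find a usable object or will have limited functionality.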