
How To Deploy the Imprivata Appliance Certificate(s) to IGEL Devices

IGEL supports the Imprivata appliance certificates in the Base64 encoded X.509 .crt or .cer format. 

By default, Imprivata appliances use a self-signed certificate (.crt format) generated by the Imprivata root CA that is built into the appliance.   

Customers can change the appliance certificate to one that is signed by a trusted root CA for either their network (e.g. Active Directory Domain Enterprise Root CA) or a publicly trusted CA like DigiCert. In that case, you will need to export the root CA / subordinate CA / appliance certificate chain in Base64 X.509 .crt or .cer format and deploy the chain to all the devices via the UMS.

Using the Imprivata Root CA Certificate

  1. To confirm a customer is using the self-signed certificate, log into the Imprivata Appliance Console and go to the tab Security.
    (example appliance URL: https://fqdn-of-appliance:81)

  2. The following message will be shown:
    "The SSL certificate for this appliance has been self signed by the certification authority (CA) on this appliance. Download the certificate of this CA."


  3. Click Download the certificate.

  4. The root certificate will be automatically downloaded as a file called ssoCA.crt.


     

    The Imprivata root CA certificate is the only one you need to deploy to the IGEL devices from the UMS Console as it will verify the trusted connection to the different appliances in the environment. 

Using a Third-Party Root CA (e.g. Microsoft AD or Public CA)

In this situation, you will not be able to download the root CA from the Imprivata Appliance Console. 

You will have to export the chain via a browser supported by the Imprivata Appliance Console (MS Edge or Chrome). 

Export the certificate chain in .crt format (Base64 X.509). 
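
A pre-upload check for the exported file, as an added example that is not from IGEL or Imprivata: it confirms the file is Base64 X.509 rather than binary DER, counts the certificates in the chain, and prints each one's subject, issuer, expiry and SHA-256 fingerprint so they can be compared with what the appliance presents. The function names are made up for this example, and openssl is assumed to be installed on the machine running the check.

```shell
#!/bin/sh
# Added example (not IGEL or Imprivata code): check an exported certificate file before UMS upload.

# cert_format FILE -> "pem" (Base64 X.509), "der" (binary X.509) or "unknown"
cert_format() {
    if grep -q -- '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null; then
        echo pem
    elif [ "$(od -An -tx1 -N2 "$1" 2>/dev/null | tr -d ' \n')" = "3082" ]; then
        echo der    # DER certificates start with 30 82 (ASN.1 SEQUENCE, 2-byte length)
    else
        echo unknown
    fi
}

# cert_count FILE -> number of certificates in a Base64 chain file
cert_count() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null || true
}

# describe_chain FILE -> subject, issuer, expiry, SHA-256 fingerprint per certificate (needs openssl)
describe_chain() {
    tmp=$(mktemp -d) || return 1
    awk -v dir="$tmp" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/cert%02d.pem", dir, n) }
        out != ""                     { print > out }
        /-----END CERTIFICATE-----/   { close(out); out = "" }
    ' "$1"
    rc=0
    for c in "$tmp"/cert*.pem; do
        openssl x509 -in "$c" -noout -subject -issuer -enddate \
            -fingerprint -sha256 || rc=1
    done
    rm -rf "$tmp"
    return "$rc"
}

# check_cert FILE -> returns 0 only for a parsable Base64 X.509 file
check_cert() {
    case "$(cert_format "$1")" in
        pem) echo "$1: Base64 X.509, $(cert_count "$1") certificate(s)"
             describe_chain "$1" ;;
        der) echo "$1: binary DER, convert first:"
             echo "  openssl x509 -inform der -in $1 -out $1.pem"
             return 1 ;;
        *)   echo "$1: no X.509 certificate found"; return 1 ;;
    esac
}

[ "$#" -eq 0 ] || check_cert "$1"
```

Run it with the exported file as the only argument. For a third-party chain, the count should match the number of certificates expected in the chain (root, any subordinate CA, and the appliance certificate).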

Deploying the Appliance Certificates 

For how to deploy certificates via the UMS, see IGEL OS > IGEL OS Articles > Certificates 1 > Deploying Trusted Root Certificates in IGEL OS

When uploading the Imprivata root CA certificate or third-party certificate(s) to UMS, you can choose either of two options for file classification:   

  • Common certificate (all-purpose) - this is the preferred choice 

  • SSL certificate 

Examples of Imprivata Certificate for UMS Java or Web Console:

With either option, once the certificate is deployed to the device, it will automatically install in the /wfs/ca-certs directory which is where the IGEL Agent for Imprivata looks for the certificates. If needed, you can verify the certificate by opening a terminal window and running the following command; the exact command depends on the name of the certificate file:

cd /wfs/ca-certs; openssl verify ssoCA.crt  

or  

cd /wfs/ca-certs; openssl verify ssoCA.cer 
