Versions Compared

Version Old Version 12 New Version 13
Changes made by

Emily Simon

Emily Simon

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Generate a certificate signing request and private key.
    openssl req -newkey -nodes -keyout clientKey.key -out clientCSR.csr
       
  2. Present the certificate signing request (.csr file) to your certificate authority (CA). The certificate authority will sign and return a certificate (.crt/.cer file).
       
  3. Create a .pem file from the certificate and private key.  
    cat clientCertificate.crt clientKey.key > clientPem.pem


This set of steps will create a PKCS#8 key file. See Converting Between Key Formats if you prefer another format.

FlexDeploy Setup

You must first create Credential Store in FlexDeploy by clicking Create Store button on Administration - Security - Credentials page. Credential store represents instance of specific type of credential store provider. If you have more than one CyberArk AAM installations, you will create equal number of Credential Stores in FlexDeploy. Use CyberArk AAM Provider when creating this store.

...

Property NameNotesExample
CyberArk URL

HTTP URL for CyberArk AAM. FlexDeploy will invoke HTTP GET to retrieve credential. If you use https protocol, then you may have to setup Server Certificate Path.

URL can be https://services-xyz.skytap.com:1234 or https://services-xyz.skytap.com:1234/AIMWebservice/api/Accounts. If URL does not end with api/Accounts, then /AIMWebservice/api/Accounts will be added to end of URL automatically for invocation.

https://services-xyz.skytap.com:1234
Client Certificate Path

This is the full path to the .pem file containing the private key and certificate chain used to authenticate FlexDeploy against CyberArk AAM.

Only PEM certificates are supported at this time. You must store PEM certificate file with private key and certificate on FlexDeploy server in secure location. See the Supported Key Formats section below to verify your private key meets requirements.


Client Certificate PasswordClient certificate password. This is required for PKCS#12 ( encrypted ) format private keys.
Server Certificate Path

Optional, only needed if using https protocol. This is the full path to the .pem certificate file which is used to setup trust for CyberArk server.

Only PEM certificates are supported at this time. You must store PEM certificate file with certificate on FlexDeploy server in secure location.


...