MicroStrategy ONE

Create a CSR in Microsoft AD

To Create a Certificate Signing Request (CSR) in Microsoft Active Directory

You enable private communication between the MicroStrategy Identity Server and MicroStrategy Identity components running locally on your system by configuring them to use SSL (Secure Sockets Layer) encryption while communicating with each other. To do this, you must obtain an SSL certificate signed by MicroStrategy Identity. You generate the signed certificate by submitting a certificate signing request (CSR) through MicroStrategy Identity Manager to be signed by MicroStrategy Identity.

Use a third-party tool to create a certificate signing request (CSR) that meets the following requirements:

  • RSA key size of at least 3072 bits
  • Hash algorithm of SHA-256 or higher
  • The CSR uses the following values:
    • Organization Name: Usher
    • Organizational Unit Name: Agent

You can create a certificate signing request (CSR) using the OpenSSL® utility. If you have installed MicroStrategy Identity on Windows, the OpenSSL utility is included. Alternatively, you can download the OpenSSL utility from https://www.openssl.org/community/binaries.html. On Linux, an openssl utility is included with many distributions.

The steps below contain only the information required to configure or use OpenSSL with MicroStrategy Identity. See the OpenSSL documentation for the latest information.

To Create a CSR Using OpenSSL

  1. Depending on your platform, do one of the following:
    • Windows: Open a command prompt window as administrator, and navigate to the location where OpenSSL is installed.
      • If you use the utility installed with MicroStrategy Identity, the default is C:\Program Files (x86)\Common Files\MicroStrategy\OpenSSL\openssl-1.0.2e\.
      • If you installed the utility manually, the default is C:\OpenSSL-Win32\bin.
    • Linux: Open a terminal window.
  2. To create a private key and certificate signing request (CSR), enter the following command:

    openssl req -new -newkey rsa:rsaKeySize -shaHashAlgorithm -nodes -subj '/O=Usher/OU=Agent' -keyout KeyName.key -out CSRName.csr

    where:

    • rsa:rsaKeySize = the RSA key size. For example, enter rsa:3072 to create an RSA key size of 3072 bits.
    • -shaHashAlgorithm = the hash algorithm. For example, enter -sha256 to use the SHA-256 hash algorithm.
    • KeyName.key = the name that you want to give the private key file. By default, the private key file is created in the current location. To create the file in a different location, include the location path in the KeyName.key parameter.
    • CSRName.csr = the name that you want to give the CSR file. By default, the CSR file is created in the current location. To create the file in a different location, include the location path in the CSRName.csr parameter.

      For example: openssl req -new -newkey rsa:3072 -sha256 -nodes -subj '/O=Usher/OU=Agent' -keyout UsherApp.key -out UsherApp.csr

      A CSR (.csr) file and a private key (.key) file are created. Save these files in a location that is accessible by the machine that you install the MicroStrategy Identity Agent on. You will use these files to configure MicroStrategy Identity components.
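The following POSIX shell example is an addition to this page, not part of the MicroStrategy documentation. It runs the example command from step 2 and then checks the resulting CSR against the requirements listed at the top of the page before you submit it. The function names make_csr and check_csr are illustrative, and "SHA-256 or higher" is assumed to mean SHA-256, SHA-384, or SHA-512.

```shell
# make_csr KEYFILE CSRFILE: the page's example command from step 2.
make_csr() {
    (
        # -nodes writes the private key unencrypted, so restrict the file
        # to the current user before openssl creates it.
        umask 077
        openssl req -new -newkey rsa:3072 -sha256 -nodes \
            -subj '/O=Usher/OU=Agent' -keyout "$1" -out "$2" 2>/dev/null
    )
}

# check_csr CSRFILE: returns 0 only if every stated requirement holds.
check_csr() {
    text=$(openssl req -in "$1" -noout -text 2>/dev/null) || {
        echo "FAIL: not a readable CSR: $1"; return 1; }
    rc=0

    # The CSR's self-signature must verify (file not altered or truncated).
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK' || {
        echo "FAIL: CSR self-signature does not verify"; rc=1; }

    # RSA key of at least 3072 bits.
    bits=$(printf '%s\n' "$text" |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    printf '%s\n' "$text" | grep -q 'Public Key Algorithm: rsaEncryption' &&
        [ "${bits:-0}" -ge 3072 ] || {
        echo "FAIL: need RSA >= 3072 bits, found ${bits:-unknown}"; rc=1; }

    # SHA-256 or higher, read here as SHA-256, SHA-384 or SHA-512 (assumption).
    printf '%s\n' "$text" |
        grep -Eq 'Signature Algorithm: sha(256|384|512)WithRSAEncryption' || {
        echo "FAIL: signature hash is not SHA-256 or higher"; rc=1; }

    # Subject must carry O=Usher and OU=Agent.
    subj=$(openssl req -in "$1" -noout -subject -nameopt RFC2253 |
        sed 's/^subject= *//')
    case ",$subj," in *,O=Usher,*) ;; *) echo "FAIL: O is not Usher"; rc=1 ;; esac
    case ",$subj," in *,OU=Agent,*) ;; *) echo "FAIL: OU is not Agent"; rc=1 ;; esac

    [ "$rc" -eq 0 ] && echo "OK: $1 meets the CSR requirements"
    return "$rc"
}

# Usage: make_csr UsherApp.key UsherApp.csr && check_csr UsherApp.csr
```
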

Next, register your MicroStrategy Identity Agent in MicroStrategy Identity Manager.

To Register your MicroStrategy Identity Agent in MicroStrategy Identity Manager

  1. Log in to MicroStrategy Identity Manager.
  2. Click the Users and Badges tab if it is not already highlighted.
  3. Under User Management, click the Identity Synchronization Agent for Microsoft Active Directory icon.
  4. In the Name Your Connection Agent field, enter names to identify your Microsoft Active Directory connection and your first Identity Agent.
  5. To download the Identity Agent installation file, click Create and Download Agent for Windows or Create and Download Agent for Linux. Note the location on your computer where the installation file (cluster_AD_install.exe) is saved.
  6. After you download the installation file, Identity Manager provides the MicroStrategy Identity Server URL (labeled as IDM Server URL), the Agent ID, and Registration Code.

Next, Install and Configure the Identity Agent for Microsoft AD