MicroStrategy ONE
Create a CSR in Microsoft AD
To Create a Certificate Signing Request (CSR) in Microsoft Active Directory
You enable private communication between the MicroStrategy Identity Server and MicroStrategy Identity components running locally on your system by configuring them to use SSL (secure sockets layer) encryption while communicating with each other. To do this, you must obtain an SSL certificate signed by MicroStrategy Identity. You generate the signed certificate by submitting a certificate signing request (CSR) through MicroStrategy Identity Manager to be signed by MicroStrategy Identity.
Use a third-party tool to create a certificate signing request (CSR) that meets the following requirements:
- RSA key size of at least 3072 bits
- Hash algorithm of SHA-256 or higher
- The CSR uses the following values:
- Organization Name:
Usher - Organizational Unit Name:
Agent
- Organization Name:
You can create a certificate signing request (CSR) using the OpenSSL® utility. If you have installed MicroStrategy Identity on Windows, the OpenSSL utility is included. Alternatively, you can download the OpenSSL utility from https://www.openssl.org/community/binaries.html. On Linux, an openssl utility is included with many distributions.
The steps below contain only the information required to configure or use OpenSSL with MicroStrategy Identity. See the OpenSSL documentation for the latest information.
To Create a CSR Using OpenSSL
- Depending on your platform, do one of the following:
- Windows: Open a command prompt window as administrator, and navigate to the location where OpenSSL is installed.
- If you use the utility installed with MicroStrategy Identity, the default is
C:\Program Files (x86)\Common Files\MicroStrategy\OpenSSL\openssl-1.0.2e\.
- If you installed the utility manually, the default is
C:\OpenSSL- Win32\bin.
- If you use the utility installed with MicroStrategy Identity, the default is
- Linux: Open a terminal window.
-
To create a private key and certificate signing request (CSR), enter the following command:
openssl req -new -newkey rsa:rsaKeySize-shaHashAlgorithm-nodes -subj '/O=Usher/OU=Agent' -keyoutKeyName.key-out CSRName.csrwhere:
rsa:= the RSA key size. For example, enter rsa:3072 to create an RSA key size of 3072 bits.rsaKeySize-sha= the hash algorithm. For example, enter -sha256 to use the SHA-256 hash algorithm.HashAlgorithmKeyName.key= the name that you want to give the private key file. By default, the private key file is created in the current location. To create the file in a different location, include the location path in the KeyName.key parameter.-
CSRName.csr= the name that you want to give the CSR file. By default, the CSR file is created in the current location. To create the file in a different location, include the location path in theCSRName.csrparameter.For example:
openssl req -new -newkey rsa:3072 -sha256 -nodes -subj '/O=Usher/OU=Agent' -keyout UsherApp.key -out UsherApp.csrA CSR (.csr) file and a private key (.key) file are created.
Next, register your MicroStrategy Identity Agent in MicroStrategy Identity Manager.
To Register your MicroStrategy Identity Agent in MicroStrategy Identity Manager
- Log into MicroStrategy Identity Manager.
- Click Users and Badges tab if it is not already highlighted.
- Under User Management, click the
- In the Name Your Connection Agent field, enter names to identify your
- To download the Identity Agent installation file, click Create and Download Agent for Windows or Create and Download Agent for Linux. Note the location on your computer where the installation file (
cluster_AD_install.exe) is saved. - After you download the installation file, Identity Manager provides the MicroStrategy Identity Server URL (labeled as IDM Server URL), the Agent ID, and Registration Code.
Next, Install and Configure the Identity Agent for Microsoft AD