Renew or reinstall MIM Service certificate RRS feed

All replies

  • As I recall it just needs to be a typical SSL cert that everyone in the org that will contact the MIM service directly will trust. You can also do the self-signed option. If you do the self-signed option then "setup will generate a new certificate, V3 for all application policies, all issuance policies, with a subject of ForefrontIdentityManager with a 20 year expiration and install it in the personal store of the computer account and the FIM Service account." (from FIM Best Practice Volume 1 Chapter 7). 

    If you use your own PKI then you can use the Server Authentication template as long as you give it the correct subject name.

    David Lundell, Twitter | Hire Identity Managed | FIM Best Practices book | How to Be an MVP in Life book

    Wednesday, June 26, 2019 2:04 AM