Description:
This document goes over the steps for installing CA ITPAM when EEM is on a different server and how to get the certificate from the EEM server to the correct location on the ITPAM server.
Solution:
When installing ITPAM using an EEM server that is installed on a different server, the first step will be to run the registration xml file using the safex command for EEM.
This is outlined in the installation guide under the Prepare to Install section in the sub section for Directory Server Prerequisites.
Copy the itpam_eem.xml file from DVD2\EEM\ to the iTechnology folder on the server where EEM is installed. This will be C:\Program Files\CA\SharedComponents\iTechnology. If you need to change the defined certificate password, open the itpam_eem.xml file in a text editor and change the password from itpamcertpass to a password of your choosing.
Open a command window on this machine and navigate to the iTechnology folder and run the safex command as follows:
safex -h localhost -u EiamAdmin -p <EiamAdmin password> -f itpam_eem.xml
Once this is successfully registered you can start the ITPAM installation on the other machine.
To properly get the newly created itpamcert.p12 file from the iTechnology folder on the EEM server to the ITPAM installation directory structure on the ITPAM server, you can do either of the following:
For Unix/Linux installations, the basic principals outllined here still apply as well as the safex command input, though the directory structures will be different.