Description:

This document goes over the steps for installing CA ITPAM when EEM is on a different server and how to get the certificate from the EEM server to the correct location on the ITPAM server.

Solution:

When installing ITPAM using an EEM server that is installed on a different server, the first step will be to run the registration xml file using the safex command for EEM.

This is outlined in the installation guide under the Prepare to Install section in the sub section for Directory Server Prerequisites.

Copy the itpam_eem.xml file from DVD2\EEM\ to the iTechnology folder on the server where EEM is installed. This will be C:\Program Files\CA\SharedComponents\iTechnology. If you need to change the defined certificate password, open the itpam_eem.xml file in a text editor and change the password from itpamcertpass to a password of your choosing.

Open a command window on this machine and navigate to the iTechnology folder and run the safex command as follows:

   safex -h localhost -u EiamAdmin -p <EiamAdmin password> -f itpam_eem.xml  

Once this is successfully registered you can start the ITPAM installation on the other machine.

To properly get the newly created itpamcert.p12 file from the iTechnology folder on the EEM server to the ITPAM installation directory structure on the ITPAM server, you can do either of the following:

1. For the duration of the install open a share from the ITPAM install server to the EEM server's iTechnology directory. When prompted for the EEM itpamcert file you can then use this path so that the file can be copied from the EEM server to the ItPAM server. Once the installation is complete you can feel free to close the share.
   
   
2. Manually copy the itpamcert.p12 file from the iTechnology folder on the EEM server to a location on the ITPAM server that the installer has access to. TEMP directories are usually not a good location. A suggestion is to create a folder off the root of C: or D: and place this itpamcert.p12 file there. During the ITPAM installation you will be prompted for the location of this file and the installer will always have access to the file.

For Unix/Linux installations, the basic principals outllined here still apply as well as the safex command input, though the directory structures will be different.