Managing SSL Certificates for Active Directory

SSL are enabled on Active Directory servers to encrypt user credentials passed between Active Directory and the Vocera Analytics Server.

When SSL is enabled, the Active Directory server requires an SSL certificate. How you manage certificates depends on whether you use self-signed certificates or trusted certificate authority (CA) certificates:

Self-signed certificates—Export the root SSL certificate from each Active Directory server and then add it to the Java keystore on each Vocera Analytics Server machine.
Trusted CA certificates—The root certificate (such as one from Go Daddy or VeriSign) likely already resides in the Java keystore on the Vocera Analytics Server and you don't need to export it. However, if the CA certificate for your Active Directory server is part of a certificate chain, then you must add each intermediate CA certificate in the hierarchy to the Java keystore on each Vocera Analytics Server machine.

For information on adding the Active Directory SSL certificates, refer to Adding the Active Directory SSL Certificate to the Vocera Analytics Server Java Keystore