Create cacerts.pem

This topic describes how to create the cacerts.pem file.

📘

Note

This step is not required unless you change the AWSCLI.py script to enable certificate pinning. By default, certificate pinning is disabled.

Because certificate pinning is disabled by default as of the 22.3 release, the embedded certificate no longer requires annual renewal.

There are two different methods to create the cacerts.pem file.

From the Browser:

  1. Open your Idaptive instance in the browser. For example, pod0.idaptive.app in Firefox.
  2. Click on the browser's lock icon located to the left side of the URL
  3. Click on the arrow > then More Information to view Security information
  4. Click on the View Certificate button
  5. In the Certificate Viewer, there are two buttons General and Detail. Click on Detail to view the certificate chain

| Certificate type | Certificate example |
| --- | --- |
| Leaf certificate | *.instance.idaptive.app |
| Intermediate certificate | Go Daddy Secure certificate authority - G2 |
| Root certificate | Go Daddy Root Certificate authority - G2 |

  6. Click on each certificate to save the files in .crt format.
  7. Open the leaf certificate. For example: *.instance.idaptive.app
  8. Open the intermediate certificate, copy the contents, and paste it as text after the leaf certificate content.
  9. Open the root certificate, copy the contents, and paste it after the intermediate certificate contents.
  10. Save the file to the root directory of the script. For example, where the AWSCLI.py file exists.
  11. Rename the file to cacerts_<tenant_name>.pem, replacing <tenant_name> with your tenant name.

From the Terminal

  1. Run the openssl unix command. Ensure your_tenant is replaced with your existing tenant.

    openssl s_client -connect your_tenant.idaptive.app:443 -showcerts 2>&1 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > cacerts_your_tenant.pem

  2. Open the cacerts_your_tenant.pem file.

📘

Remember

your_tenant is a placeholder for your tenant value.

Copy the certificate text below, and append it to the end of the file.

  3. Save the cacerts_your_tenant.pem file in the root directory of the script. For example, where the AWSCLI.py file exists.