To ensure secure communication between KeySecure and the Centrify connector, you need a signed client certificate. Depending on your environment and the tools available, select one of the following options:
- You can create a new client certificate for the Centrify connector using the KeySecure management console or another tool. This option is similar to creating the server certificate except that you select Client for the Certificate Purpose.
- You can use an existing client certificate that you use for other secure services.
- You can use the certificate created by the Privileged Access Service.
The first two options assume you are signing the certificate with a trusted local certificate authority and require you to upload the signed client certificate to the connector. The third option requires you to download the Centrify CA certificate onto the KeySecure appliance. After you have selected an option for obtaining the client certificate, you have all of the information required to configure SafeNet KeySecure as the password storage location for the accounts you add to the Privileged Access Service.
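For the first two options, the following OpenSSL check can be run before uploading the certificate to the connector. It is an added example, not taken from the KeySecure or Centrify documentation, and the file names, subjects and throwaway CA are constructed. It confirms that the certificate chains to the local CA, permits TLS client authentication, matches its private key and is not about to expire.

```bash
#!/usr/bin/env bash
# Added example. All names, subjects and keys are constructed throwaway values;
# this is not KeySecure or Centrify tooling.
set -eu

# Create a throwaway CA in directory $1 (stands in for your trusted local CA).
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Example Local CA" \
    -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
}

# Issue a CA-signed certificate. $1=dir, $2=base name, $3=extended key usage.
issue_cert() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
  printf 'basicConstraints=CA:FALSE\nextendedKeyUsage=%s\n' "$3" > "$1/$2.ext"
  openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
    -CAcreateserial -days 30 -extfile "$1/$2.ext" -out "$1/$2.pem" 2>/dev/null
}

# Pre-upload check. $1=CA certificate, $2=client certificate, $3=private key.
# Returns 0 if usable, 1 bad chain or purpose, 2 key mismatch, 3 expiring soon.
check_client_cert() {
  # Chain must build to the CA and the certificate must allow TLS client use.
  openssl verify -purpose sslclient -CAfile "$1" "$2" >/dev/null 2>&1 || return 1
  # The private key must match the public key in the certificate.
  cert_pub=$(openssl x509 -in "$2" -noout -pubkey | openssl sha256)
  key_pub=$(openssl pkey -in "$3" -pubout | openssl sha256)
  [ "$cert_pub" = "$key_pub" ] || return 2
  # The certificate must remain valid for at least seven more days.
  openssl x509 -in "$2" -noout -checkend 604800 >/dev/null || return 3
}

# Demo on constructed certificates: one client-purpose, one server-purpose.
demo_dir=$(mktemp -d)
make_ca "$demo_dir"
issue_cert "$demo_dir" connector-client clientAuth
issue_cert "$demo_dir" wrong-purpose serverAuth
for name in connector-client wrong-purpose; do
  if check_client_cert "$demo_dir/ca.pem" "$demo_dir/$name.pem" "$demo_dir/$name.key"; then
    echo "$name: ok to upload"
  else
    echo "$name: rejected (code $?)"
  fi
done
rm -rf "$demo_dir"
```

With a real certificate, only `check_client_cert` is needed: pass it your local CA certificate, the signed client certificate and its private key.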
For complete information about installing and configuring a SafeNet KeySecure hardware security appliance, see the KeySecure Installation and Configuration Guide.