Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 3 replies
  • Subscribers 5 subscribers
  • Views 8346 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Active Directory Syncronization with SGN

mlvid

Hello,

I would like to know if anyone developed an VBS script to syncronize the SGN solution with the active direcory server importing the certificates of the users if they are available.

On the other hand, i am getting the error message "the certificate chain can not be built" when importing a user certificate using the Sophos API (VBS SCRIPT). The same process performed manually using the console (same user and certificate) is working properly. Could you please help me with that issue?

Thanks for your support

Best regards

:26921


This thread was automatically locked due to age.
  • 0

    Hi mlvid,

    with the SafeGuard Enterprise installation media, there is a sample script which will help you to import certificates to an existing SafeGuard Enterprise User. The sample is called Certificates.API.vbs, the function is explained in the upper part of the file, see function 4 > import and assign an existing certificate.

    Here comes the catch: The SafeGuard Enterprise API cannot be used to import and assign certificates directly from the PKI. So what you would need to do is to export the existing p7 / p12 certificates from your PKI and import the certificates using the SGN AP and the script mentioned above.

    mlvid wrote:

    On the other hand, i am getting the error message "the certificate chain can not be built" when importing a user certificate using the Sophos API (VBS SCRIPT). The same process performed manually using the console (same user and certificate) is working properly. Could you please help me with that issue?

    Did you test that with the very same user?

    Regards,

    Chris

    :27025
  • 0

    Did you test that with the very same user?

    Yes, I tested it with the very same user and the very same certificate. I've got the user certificate from his smartcard. I can assign the certificate manually from the safeguard administration console.

    But I can not assign the same certificate to the same user using the function ImportAndAssignCertToUser() and i am getting the error message "the certificate chain can not be built".

    Can you help me with this issue.

    Thanks in advanced

    :27031
  • 0

    I have found the problem and a product bug.

    It is important to know that I have installed sgn server and sgn console administration in different machines.

    The product looks for the herarchy chain in a file in the directory: c:\documents and settings\All users\Program data\SafeGuard Enterprise\cbi\certs

    The file with the herarchy chain has different name at the server machine that in the console administration machine. At the server machine the SGN API is searching for the herarchy chain at the wrong file. I have guest it reading the file logfile.sgt

    It is important to resolve it in the 5.6 SGN version.

    :27151
Unfiltered HTML