secadm mitrustsetup - Security Administration: Trusted Connections Setup

secadm mitrustsetup create --miservice serviceName --alias Landmark-envname

secadm mitrustsetup import m3be-alias.cer

The secadm mitrustsetup command enables you to set up a trusted connection between Landmark and the M3 Business Engine. Once the MI Socket trusted connections are set up, the Landmark server and the M3 Business Engine server will authenticate to each other using public key certificates. Landmark will authenticate users against the central repository and then send only the user names (no passwords) to the M3 Business Engine when accessing it through the MI socket. Because the M3 Business Engine knows that it is indeed communicating with Landmark and that Landmark has authenticated the user, there is no need to authenticate the users again. This setup simplifies the maintenance of users in a Landmark system that is connected to the M3 Business Engine via an MI socket connection. Without this procedure, you will need to maintain user passwords in both a Landmark service for MI socket and in a central repository, such as your corporate LDAP.

There are two forms of the secadm mitrustsetup command: one for creating a certificate file for exporting, and one for importing the certificate into the Landmark environment.

For the procedure to set up MI socket trusted connections between Landmark and M3 Business Engine, see the Infor Landmark Technology Server Setup and Maintenance Guide or the M3 Enterprise Extensions Administration Guide.

Note: 

Before using the secadm mitrustsetup command, be sure to create the following backups. If an error occurs when you use secadm mitrustsetup, you will not be able to delete entries from the Landmark keystore. You will need a backup.

  • The file system - especially the Landmark environment directories, including %LASYSDIR%

  • The .ssokeystore, .ssotruststore and authen.dat files

Parameters Description
create

The create parameter accomplishes the following:

  • In .ssokeystore, a key pair and self-signed certificate with alias Landmark-envname_rsa are created.

  • On the MISOCKET service, the service property SystemDN is set to "cn=Landmark-envname,o=lawson". This is so that Landmark knows which certificate to present to the M3 Business Engine.

  • In %LASYSDIR%, an exported certificate file is created: Landmark-envname_rsa.cer

--miservice serviceName

Specify the name of the service that has been set up for Landmark to M3 Business Engine communication, such as the MISOCKET service for the M3 Enterprise Extensions.

--alias Landmark-envname

Specify the name of the Landmark environment.

import m3be-alias.cer

The import command imports the M3 BE alias certificate that has been copied to the %LASYSDIR% directory. To create this certificate, see the instructions in "Setting Up a Service for MI Socket Trusted Connections between Landmark and M3 Business Engine" in the Infor Landmark Technology Server Setup and Maintenance Guide or the M3 Enterprise Extensions Administration Guide.
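
A pre-flight wrapper for the create form, as an added example (not Infor's code): it copies the three security files named in the note and verifies each copy by hash, runs create, and then prints the SHA-256 fingerprint of the exported certificate so it can be compared out of band once the file reaches the M3 Business Engine server. The parameter names, the MISOCKET default, the Get-CertSummary helper and the exit-code check are assumptions; the file system backup from the note is still taken separately.

```powershell
# Added example. Parameter names and sample values are assumptions, not Infor's.
param(
    [Parameter(Mandatory)] [string]$SecurityFileDir, # where .ssokeystore etc. live (site-specific)
    [Parameter(Mandatory)] [string]$BackupRoot,      # existing directory outside the environment tree
    [Parameter(Mandatory)] [string]$Alias,           # the --alias value, Landmark-envname
    [string]$MiService = 'MISOCKET'
)
$ErrorActionPreference = 'Stop'
if (-not $env:LASYSDIR) { throw 'LASYSDIR is not set in this shell.' }

function Get-CertSummary([string]$Path) {
    # Loads a DER or Base64 .cer and returns the values to compare out of band.
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($Path)
    $sha  = [System.Security.Cryptography.SHA256]::Create()
    try {
        [pscustomobject]@{
            File     = Split-Path $Path -Leaf
            Subject  = $cert.Subject
            NotAfter = $cert.NotAfter
            Sha256   = [BitConverter]::ToString($sha.ComputeHash($cert.RawData)) -replace '-', ':'
        }
    } finally { $sha.Dispose() }
}

# 1. Copy the three security files named in the note and verify each copy by hash.
$dest = Join-Path $BackupRoot ('mitrustsetup-' + (Get-Date -Format 'yyyyMMdd-HHmmss'))
New-Item -ItemType Directory -Path $dest | Out-Null
foreach ($name in '.ssokeystore', '.ssotruststore', 'authen.dat') {
    $src = Join-Path $SecurityFileDir $name
    if (-not (Test-Path -LiteralPath $src -PathType Leaf)) {
        throw "Missing $src; not running mitrustsetup without a backup."
    }
    Copy-Item -LiteralPath $src -Destination $dest
    $a = (Get-FileHash -LiteralPath $src -Algorithm SHA256).Hash
    $b = (Get-FileHash -LiteralPath (Join-Path $dest $name) -Algorithm SHA256).Hash
    if ($a -ne $b) { throw "Backup copy of $name does not match the original." }
    "{0}  {1}" -f $a, $name | Add-Content -Path (Join-Path $dest 'SHA256SUMS.txt')
}

# 2. Run the create form. Treating a non-zero exit code as failure is an assumption.
& secadm mitrustsetup create --miservice $MiService --alias $Alias
if ($LASTEXITCODE -ne 0) { throw "secadm exited with $LASTEXITCODE; backup is in $dest." }

# 3. Summarize the exported certificate so the fingerprint can be confirmed
#    on the M3 Business Engine side after the file is copied there.
Get-CertSummary (Join-Path $env:LASYSDIR ($Alias + '_rsa.cer'))
```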