You create one connector for each domain. The connector defines the parameters that are used for True SSO.

For readability, the options shown in the following table do not represent the complete command you would enter. Only the options specific to the particular task are included. For example, one row shows the --list --connector options, but the vdmUtil command you would actually enter also contains options for authentication and for specifying that you are configuring True SSO: 

vdmUtil --authAs admin-role-user --authDomain netbios-name --authPassword admin-user-password --truesso --list --connector

For more information about the authentication options, see Command-line Reference for Configuring True SSO.

Table 1. vdmutil truesso Command Options for Managing Connectors
Options Description
--create --connector --domain domain-fqdn --template template-name --primaryEnrollmentServer enroll-server1-fqdn [--secondaryEnrollmentServer enroll-server2-fqdn] --certificateServer CA-common-name --mode {enabled |disabled} Creates a connector for the specified domain and configures the connector to use the following settings:
  • template-name is the name of the certificate template to use.
  • enroll-server1-fqdn is the FQDN of the primary enrollment server to use.
  • enroll-server2-fqdn is the FQDN of the secondary enrollment server to use. This setting is optional.
  • CA-common-name is the common name of the certificate authority to use. This can be a comma-separated list of CAs.

To determine which certificate template and certificate authority are available for a particular enrollment server, you can run the vdmutil command with the --truesso --environment --list --enrollmentServer enroll-server-fqdn --domain domain-fqdn options.

--list --connector Lists the FQDNs of the domains that already have a connector created.
--list --connector --verbose Lists all the domains that have connectors, and for each connector, provides the following information:
  • Primary enrollment server
  • Secondary enrollment server, if there is one
  • Name of the certificate template
  • Whether the connector is enabled or disabled
  • Common name of the certificate authority server or servers, if there are more than one
--edit --connector domain-fqdn [--template template-name] [--mode {enabled |disabled] [--primaryEnrollmentServer enroll-server1-fqdn] [--secondaryEnrollmentServer enroll-server2-fqdn] [--certificateServer CA-common-name] For the connector created for the domain specified by domain-fqdn, allows you to change any of the following settings:
  • template-name is the name of the certificate template to use.
  • The mode can be either enabled or disabled.
  • enroll-server1-fqdn is the FQDN of the primary enrollment server to use.
  • enroll-server2-fqdn is the FQDN of the secondary enrollment server to use. This setting is optional.
  • CA-common-name is the common name of the certificate authority to use. This can be a comma-separated list of CAs.
--delete --connector domain-fqdn Deletes the connector that has been created for the domain specified by domain-fqdn.