Configure Connect Directory Services to use LDAPS

Issue

You can configure Adobe Connect to import and synchronize users from Lightweight Directory Access Protocol (LDAP) servers. However, the default configuration of Connect Directory Services does not encrypt communications to the LDAP server, so the bind credentials and directory data cross the network in clear text. This document describes one method of configuring Adobe Connect to use LDAPS (LDAP over TLS) and encrypt the information to and from the LDAP server.

Solution

The solution involves using the Java keytool command to import the LDAP server's certificate into the Connect JVM trustStore. keytool accepts the certificate either as a binary DER-encoded (Distinguished Encoding Rules) file or as Base64-encoded text in PEM (Privacy Enhanced Mail) format with BEGIN CERTIFICATE and END CERTIFICATE lines. If you prefer to work with a DER file, see step 1 under Additional Information for the conversion.

For the following steps, Connect_install_path is the root directory of this Connect installation. (Some Adobe material writes it as breeze_install_path; Breeze is the former name of Adobe Connect.)

  1. Copy (export) the LDAP server's certificate file to the Connect server.
  2. Locate the trustStore used for the Connect server instance. For a default Connect installation, the trustStore is: Connect_install_path/appserv/win32/jre/lib/security/cacerts

    Note: For version 9.5 and later, the path to cacerts is: Connect_install_path\Connect\9.5.0\jre\lib\security\cacerts

  3. Import the LDAP server's certificate into the trustStore:
  • Open a command prompt in the trustStore directory. For default installs: Connect_install_path/appserv/win32/jre/lib/security/
  • Type the following command, supplying the path (relative or fully qualified) to your LDAP server's certificate file and the trustStore file location: 
    • Connect_install_path/appserv/win32/jre/bin/keytool -import -alias [nickname for cert] -file [cert filename and path] -keystore [trustStore filename and path] -storepass [trustStore password]
    • Note: For version 9.5 and later, use the following command instead (the JRE moved with the rest of the installation):

    Connect_install_path/Connect/9.5.0/jre/bin/keytool -import -alias [nickname for cert] -file [cert filename and path] -keystore [trustStore filename and path] -storepass [trustStore password]

    (-import is the older spelling of keytool's -importcert command; current JREs accept both.)

Note: If the LDAP server's certificate was issued by a certificate authority that the trustStore does not already contain (a self-signed certificate is the usual case), keytool cannot chain it to a trusted root and asks whether to trust it. Before you confirm, compare the fingerprint keytool prints with the fingerprint shown on the LDAP server itself; trusting an unverified certificate defeats the purpose of LDAPS. If the certificate was issued by your organization's own CA, importing that CA's certificate instead of the server certificate keeps Connect working when the LDAP server's certificate is renewed.

For example:
keytool -import -alias ldapServerCert -file C:\Certs\ldapservercert.der -keystore cacerts -storepass changeit

Note: The default password for the trustStore is changeit. Change it to a site-specific password to increase security on the file. Keep in mind that the trustStore password protects the file's integrity rather than its contents (the JVM can read certificates from cacerts without the password), so restrictive file-system permissions on cacerts matter just as much.

  4. Restart the Adobe Connect (Breeze) services so that the JVM reloads the trustStore.
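The following PowerShell script is an added example that automates steps 1 to 4 on the Connect server; it is not Adobe's code and not part of the original article. It fetches the certificate the LDAP server presents on port 636, writes it out DER-encoded, prints the fingerprints so you can compare them against the directory server before trusting anything, and only then imports the certificate with keytool and lists the resulting entry. The host name, JRE path (the 9.5 and later layout), alias and output file are assumptions for illustration; the trustStore password is read at run time rather than hard-coded.

```powershell
# Added example, not part of Adobe's documentation: automate the LDAPS trust
# setup on the Connect server. Every host, path and alias below is an assumption
# for illustration; adjust it to your environment.
param(
    [string]$LdapHost  = 'ldap.example.com',     # assumed LDAP server name; must match its certificate
    [int]   $LdapsPort = 636,
    [string]$JreHome   = 'C:\Connect\9.5.0\jre',  # assumed Connect JRE (9.5 and later layout)
    [string]$Alias     = 'ldapServerCert',
    [string]$OutFile   = 'C:\Certs\ldapservercert.der'
)
$ErrorActionPreference = 'Stop'
$TrustStore = Join-Path $JreHome 'lib\security\cacerts'
$Keytool    = Join-Path $JreHome 'bin\keytool.exe'
if (-not (Test-Path $Keytool)) { throw "keytool not found at $Keytool" }

# --- Step 1: export. Fetch the certificate the LDAP server presents on 636. ---
# The validation callback accepts anything so the handshake completes even though
# nothing trusts the issuer yet; no bind and no directory data is sent here.
$acceptAll = { param($s, $c, $ch, $e) $true } -as [Net.Security.RemoteCertificateValidationCallback]
$tcp = New-Object Net.Sockets.TcpClient($LdapHost, $LdapsPort)
$tls = New-Object Net.Security.SslStream($tcp.GetStream(), $false, $acceptAll)
$tls.AuthenticateAsClient($LdapHost)
$cert = New-Object Security.Cryptography.X509Certificates.X509Certificate2($tls.RemoteCertificate)
$tls.Dispose(); $tcp.Dispose()

# --- Step 1, continued: save it DER-encoded, the format keytool -importcert reads. ---
New-Item -ItemType Directory -Force (Split-Path $OutFile) | Out-Null
[IO.File]::WriteAllBytes($OutFile, $cert.Export([Security.Cryptography.X509Certificates.X509ContentType]::Cert))

# --- Verification: print what keytool will ask you to confirm, and compare it with the server. ---
$sha256 = ([Security.Cryptography.SHA256]::Create().ComputeHash($cert.RawData) |
           ForEach-Object { $_.ToString('X2') }) -join ':'
Write-Host "Subject : $($cert.Subject)"
Write-Host "Issuer  : $($cert.Issuer)"
Write-Host "Expires : $($cert.NotAfter)"
Write-Host "SHA1    : $($cert.Thumbprint)"
Write-Host "SHA256  : $sha256"
if ((Read-Host 'Does the SHA256 fingerprint match the one on the LDAP server? (y/N)') -ne 'y') {
    throw 'Fingerprint not confirmed; nothing was imported.'
}

# --- Steps 2 and 3: import into the Connect JVM trustStore. ---
$securePass = Read-Host 'trustStore password (default is changeit)' -AsSecureString
$storePass  = [Runtime.InteropServices.Marshal]::PtrToStringAuto(
    [Runtime.InteropServices.Marshal]::SecureStringToBSTR($securePass))
# keytool -list exits non-zero when the alias is absent, so a zero exit means it already exists.
& $Keytool -list -alias $Alias -keystore $TrustStore -storepass $storePass *> $null
if ($LASTEXITCODE -eq 0) {
    Write-Warning "Alias '$Alias' already exists in $TrustStore. Remove it with 'keytool -delete' first if you are replacing a renewed certificate."
} else {
    # -importcert is the current spelling of -import. -noprompt is acceptable only because
    # the fingerprint was confirmed interactively above.
    & $Keytool -importcert -noprompt -alias $Alias -file $OutFile -keystore $TrustStore -storepass $storePass
    if ($LASTEXITCODE -ne 0) { throw "keytool import failed with exit code $LASTEXITCODE" }
}

# --- Check the entry, then restart the Connect services (step 4) so the JVM reloads cacerts. ---
& $Keytool -list -v -alias $Alias -keystore $TrustStore -storepass $storePass
Write-Host 'Import done. Restart the Adobe Connect services to apply the change.'
```

The script deliberately trusts nothing on the fetch connection and makes the fingerprint comparison an explicit manual gate, because a certificate imported into cacerts is trusted by every TLS connection the Connect JVM makes, not only the LDAP one. If your LDAP server's certificate is issued by an internal CA, change $OutFile and the alias to the CA certificate and import that instead, as the note above suggests.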

Additional Information

  1. If the certificate is in PEM format and you want a DER file, convert it with OpenSSL.
  • Install OpenSSL (if it is not already installed) and run this command:
    • openssl x509 -inform PEM -in [original certificate filename and path].pem -outform DER -out [target filename and path].der

  Note: Without -outform DER, openssl x509 writes PEM again, so the output file would still be Base64 text despite its .der name.
