This TechNote explains how to make the Connect LDAP Authenticator bind over an SSL/TLS connection to your LDAP server. Please make sure that you have already configured your LDAP authenticator correctly.

Note: You must enable SSL on your LDAP server. For details, contact your LDAP server administrator.

  1. Obtain the Certificate Authority (CA) certificate that was used to sign the LDAP server's certificate. This example assumes the file is named ca_cert_file.pem.
  2. Open a command prompt.
  3. Type the following:



    cd c:\breeze\appserv\win32\jre\lib\security
  4. Type the following command to import the CA certificate into the keystore of Connect's JVM.



    keytool -import -file ca_cert_file.pem -keystore cacerts -trustcacerts



    Note: keytool.exe might not be in your path. It can be found in the following directory:

    C:\breeze\appserv\win32\jre\bin
  5. After executing the command above, you will be asked to enter the password for the keystore. If you haven't changed the password, the default should be 'changeit'.
  6. Enter yes to confirm that you will trust the certificate.



    You will see something like this:



    C:\breeze\appserv\win32\jre\lib\security>keytool -import -file cacert.pem -keystore cacerts -trustcacerts
    Enter keystore password: changeit
    Owner: O=Root Certification Authority, EMAILADDRESS=ca@exampleca.org, C=US, ST=California, CN=Example CA
    Issuer: O=Root Certification Authority, EMAILADDRESS=ca@exampleca.org, C=US, ST=California, CN=Example CA
    Serial number: 8e8f079d2afd7e91
    Valid from: Mon May 08 13:02:12 PDT 2006 until: Wed Jun 07 13:02:12 PDT 2006
    Certificate fingerprints:
             MD5: 44:79:68:0F:7E:38:F0:73:7C:1C:7A:C6:5B:0A:BA:16
             SHA1: 8A:06:32:37:B2:A0:41:FC:3E:64:AD:AA:5E:03:E0:4E:79:99:83:69
    Trust this certificate? [no]: yes
    Certificate was added to keystore
  7. Open your ldap_bsa.xml and set the <protocol> element to 'ldaps'.



    <protocol>ldaps</protocol>
  8. Restart the Connect Service.

The LDAP Authenticator is now ready to bind to the LDAP server over SSL.
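
Step 6 asks you to trust the certificate based on the fingerprints keytool prints, so it helps to compute the fingerprint of ca_cert_file.pem yourself and compare it with the value your CA administrator gave you through a separate channel. The Python sketch below is an added example, not part of the original TechNote; the function names and the sample bytes (which are not a real certificate) are constructed for illustration.

```python
import base64
import hashlib
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

# Constructed sample input: arbitrary bytes wrapped as PEM, not a real certificate.
SAMPLE_DER = b"constructed sample bytes, not a real certificate"
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n")

def _colon_hex(digest):
    # keytool prints fingerprints as upper-case hex pairs joined by colons.
    return ":".join(f"{b:02X}" for b in digest)

def pem_fingerprints(pem_text):
    """Return one {algorithm: fingerprint} dict per certificate block."""
    blocks = PEM_BLOCK.findall(pem_text)
    if not blocks:
        raise ValueError("no CERTIFICATE block found in PEM input")
    results = []
    for body in blocks:
        # A fingerprint is a hash over the DER bytes, i.e. the decoded base64 body.
        der = base64.b64decode("".join(body.split()), validate=True)
        results.append({
            "SHA1": _colon_hex(hashlib.sha1(der).digest()),
            "SHA256": _colon_hex(hashlib.sha256(der).digest()),
        })
    return results

def normalize(fingerprint):
    # Accept "8a:06:..", "8A06..", or space-separated forms.
    return re.sub(r"[\s:]", "", fingerprint).upper()

def safe_to_trust(pem_text, expected_fingerprint, algorithm="SHA1"):
    """True only if the file holds exactly one certificate and it matches."""
    certs = pem_fingerprints(pem_text)
    if len(certs) != 1:
        # Refuse bundles so it is unambiguous which certificate was checked.
        return False
    return normalize(certs[0][algorithm]) == normalize(expected_fingerprint)

if __name__ == "__main__":
    for algorithm, value in pem_fingerprints(SAMPLE_PEM)[0].items():
        print(f"{algorithm}: {value}")
```

Answer yes at the trust prompt only when the computed value, the value keytool displays, and the value from your CA administrator all agree.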
