Administer > Configuration > Secure Connections > Configure Secure Connections for LDAP

Configure Secure Connections for LDAP

If the LDAP server requires a secure connection, follow these steps to import the LDAP server Certificate Authority's root certificate into the Java truststore of CSA. If necessary, contact your LDAP administrator to obtain the LDAP server certificate.

If the LDAP server does not require a secure connection, you can omit this task.

Note If you have configured CSA to be compliant with FIPS 140-2, you must substitute the CSA server truststore (for example, csa_server_truststore.p12) for the Java truststore (cacerts) and substitute the CSA server truststore password for the Java truststore password (changeit) in the examples. See the Cloud Service Automation FIPS 140-2 Compliance Configuration Guide for more information about the CSA server truststore and password.

  1. Open a command prompt and run the keytool utility with the following options to create a local trusted certificate entry for the LDAP server.

    Windows:

    "CSA_JRE_HOME\bin\keytool" -importcert -trustcacerts -alias ldap
    -keystore "CSA_JRE_HOME\lib\security\cacerts"
    -file <c:\certfile_name.cer> -storepass changeit

    Linux:

    CSA_JRE_HOME/bin/keytool -importcert -trustcacerts -alias ldap
    -keystore CSA_JRE_HOME/lib/security/cacerts
    -file </tmp/certfile_name.cer> -storepass changeit

    where CSA_JRE_HOME is the directory in which the JRE that is used by CSA is installed and <c:\certfile_name.cer> on Windows or </tmp/certfile_name.cer> on Linux is the path and name of the Certificate Authority's root certificate for the LDAP server. The file extension may be .crt rather than .cer. You can also use a different value for -alias.

  2. At the prompt to import the certificate, type Yes.
  3. Press Enter.
  4. Restart CSA.

    See Restart CSA for instructions.