
Setting a Secure Connection with the SSL (Secure Sockets Layer) Protocol

Because the login process passes confidential information between Universal CMDB and the LDAP server, you can protect that content in transit. To do so, enable SSL communication on the LDAP server and configure Universal CMDB to work using SSL.

Universal CMDB supports SSL that uses a certificate issued by a trusted Certification Authority (CA).

Most LDAP servers, including Active Directory, can expose a secure port for an SSL-based connection. If you are using Active Directory with a private CA, you must add your CA to the trusted CAs in the JRE.

For details on configuring the Universal CMDB platform to support communication using SSL, see Enabling Secure Sockets Layer (SSL) Communication.

To add a CA to the trusted CAs to expose a secure port for an SSL-based connection:

  1. Export a certificate from your CA and import it into the JVM that is used by Universal CMDB, using the following steps:

    1. On the UCMDB Server machine, access the C:\UCMDB\UCMDBServer\bin\JRE\bin folder.

    2. Run the following command:

      Keytool -import -file <your certificate file> -keystore C:\UCMDB\UCMDBServer\bin\JRE\lib\security\cacerts

      For example:

      Keytool -import -file c:\ca2ss_ie.cer -keystore C:\UCMDB\UCMDBServer\bin\JRE\lib\security\cacerts

    1. Go to the JMX console: UCMDB:service=LDAP Services > configureLDAPServer method.
    2. Enter the value for the ldapURL setting using the format:

      ldaps://<ldapHost>[:<port>]/[<baseDN>][??scope]

      For example:

      ldaps://my.ldap.server:389/ou=People,o=myOrg.com??sub/

      Note the s in ldaps.

    3. Enter the values for the other relevant settings and click Invoke.

    Note: If you have already configured an LDAP server, you must delete it and then reconfigure it using the above step.
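
A pre-flight check for the ldapURL value entered in the steps above, given here as an added example that is not part of the product or its documentation. It splits the value according to the format shown and reports a scheme other than ldaps, port 389, or a scope written after a single "?". The name check_ldap_url and the dc01.example.test URLs are constructed for illustration, and ignoring a trailing "/" after the scope is an assumption based on the page's example.

```python
from urllib.parse import unquote, urlsplit

SCOPES = {"base", "one", "sub"}  # scope keywords defined for LDAP URLs (RFC 4516)

def check_ldap_url(url):
    """Split ldaps://<ldapHost>[:<port>]/[<baseDN>][??scope] and return
    (fields, findings). An empty findings list means nothing looked wrong."""
    findings = []
    parts = urlsplit(url)
    if parts.scheme.lower() != "ldaps":
        findings.append("scheme is %r, not 'ldaps': login data is not sent over SSL" % parts.scheme)
    if not parts.hostname:
        findings.append("no <ldapHost> given")
    try:
        port = parts.port
    except ValueError:
        port = None
        findings.append("port is not a number in the range 0-65535")
    if port == 389:
        findings.append("port 389 is the registered plaintext LDAP port (LDAPS is 636): "
                        "confirm the server really accepts SSL on it")
    base_dn = unquote(parts.path.lstrip("/"))
    # After the DN come '?'-separated fields: attribute list first, scope second,
    # so '??scope' means "empty attribute list, then scope".
    query = parts.query.split("?") if parts.query else []
    if query and query[0].lower() in SCOPES:
        findings.append("scope %r sits in the attribute field: use '??' before it" % query[0])
    # Assumption: a trailing '/' after the scope, as in the page's example, is ignored.
    scope = query[1].rstrip("/").lower() if len(query) > 1 and query[1] else None
    if scope is not None and scope not in SCOPES:
        findings.append("unknown scope %r (expected base, one or sub)" % scope)
    fields = {"host": parts.hostname, "port": port, "base_dn": base_dn, "scope": scope}
    return fields, findings

if __name__ == "__main__":
    samples = [  # first value is the page's example; the rest are constructed
        "ldaps://my.ldap.server:389/ou=People,o=myOrg.com??sub/",
        "ldap://dc01.example.test:636/dc=example,dc=test??sub",
        "ldaps://dc01.example.test:636/dc=example,dc=test?sub",
        "ldaps://dc01.example.test/dc=example,dc=test??one",
    ]
    for value in samples:
        fields, findings = check_ldap_url(value)
        print(value, fields, findings or "OK", sep="\n  ")
```

A clean result only says the value is well formed; whether the server's certificate chains to the CA imported into cacerts is still decided by the JVM when Universal CMDB connects.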