

Import the LDAP Certificate

To run with LDAPS, you must import an LDAP certificate into the Java keystore.

If you do not already have an SSL certificate, you can generate one using the keytool command. This procedure explains how to import a certificate from a CA and install it in the keystore.

Follow these steps:

  1. Obtain the certificate from the LDAP server administrator.
  2. Import the certificate into the Java Trusted Certificates keystore using the following command (shown on one line):
    keytool -importcert -keystore installDirectory/jre/lib/security/cacerts -storepass cacertspasswd -alias alias -file filename.cer

    keystore

    The location of the keystore file (.ks). For the Java Trusted Certificates keystore this is installDirectory/jre/lib/security/cacerts.

    cacertspasswd

    Specifies the password for the cacerts keystore.

    Default: changeit

    alias

    The name under which the certificate is stored in the keystore; it must be unique within the keystore.

    filename.cer

    The filename of the certificate.

  3. Create a backup of the cacerts file.
  4. (Optional) For more security, change the password of the Java Trusted Certificates keystore using the following command:
    keytool -storepasswd -keystore installDirectory/jre/lib/security/cacerts
    

    You are prompted to provide the existing password and the new password.

  5. Verify that your imported certificate is available. Use the following command:
    keytool -list -keystore installDirectory/jre/lib/security/cacerts
    

    Important! To enable the web services, the certificate must be in the cacerts keystore. Otherwise, you see an error in the log that reports that PKIX did not find a certificate.
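The steps above, carried out as one script, are shown here as an added example; it is not part of the product documentation. The install directory, alias name and certificate path in the usage line are assumptions, the backup is written next to the cacerts file, and the import is only reported as successful once the alias shows up as a trustedCertEntry in the keytool -list output.

```shell
#!/bin/sh
# Added example (not from the original page): import an LDAP server
# certificate into the JRE cacerts truststore, keep a backup of the
# truststore first, and verify the alias afterwards.
set -eu

# Location of the cacerts truststore under a given install directory.
cacerts_path() {
  printf '%s/jre/lib/security/cacerts\n' "$1"
}

# Copy the truststore aside before modifying it; prints the backup path.
backup_cacerts() {
  src=$1
  dst="$src.bak.$(date +%Y%m%d%H%M%S)"
  cp -p "$src" "$dst"
  printf '%s\n' "$dst"
}

# Succeeds when the alias given as $1 appears as a trustedCertEntry in
# `keytool -list` output supplied on stdin (format: "alias, date, trustedCertEntry,").
alias_in_listing() {
  grep -Eq "^$1, .*trustedCertEntry"
}

# Full procedure: check inputs, back up, import, then verify the alias.
# $1 install dir, $2 alias, $3 certificate file, $4 store password (default changeit).
import_ldap_cert() {
  install_dir=$1 alias=$2 cert=$3 storepass=${4:-changeit}
  ks=$(cacerts_path "$install_dir")
  [ -f "$cert" ] || { echo "certificate file not found: $cert" >&2; return 1; }
  [ -f "$ks" ] || { echo "keystore not found: $ks" >&2; return 1; }
  command -v keytool >/dev/null 2>&1 || { echo "keytool not on PATH" >&2; return 1; }

  backup=$(backup_cacerts "$ks")
  echo "backup written to $backup"

  # -noprompt answers the interactive "Trust this certificate?" question with yes,
  # so check the certificate fingerprint out-of-band before running this.
  keytool -importcert -noprompt -keystore "$ks" -storepass "$storepass" \
    -alias "$alias" -file "$cert"

  if keytool -list -keystore "$ks" -storepass "$storepass" | alias_in_listing "$alias"; then
    echo "alias '$alias' present in $ks"
  else
    echo "alias '$alias' not found after import" >&2
    return 1
  fi
}

# Usage with hypothetical paths (uncomment to run):
# import_ldap_cert /opt/app ldap-server /tmp/ldap-server.cer
```

If step 4 of the procedure has already been applied, pass the new store password as the fourth argument; the script never writes the password to disk, and the backup file it creates should be protected with the same permissions as cacerts itself.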