Configuration Guide › Authentication Options › Enable Active Directory Authentication › Configure Active Directory with SSL Using a Personal Keystore

Configure Active Directory with SSL Using a Personal Keystore

You configure Active Directory with SSL using a personal keystore.

Follow these steps:

1. Install openSSL.
2. Run the following command:

   openssl s_client -connect AD_server:636
   

3. Copy the following output (inclusive) to a certificate TXT file:
   ----BEGIN CERTIFICATE----
   to
   ----END CERTIFICATE----
4. Verify the certificate by running the following command:

   keytool -printcert -file cert.txt
   

5. Locate the JBoss server.keystore file under the following directory:

   eurekify-jboss/server/eurekify/conf
   

6. Add the certificate to the keystore with the following command:

   "%JAVA_HOME%\bin\keytool" -import -file cert.txt -keystore server.keystore -storepass 123456
   

7. Set the following properties in the server:
   • sage.security.eurekify.keyStore.file
   • sage.security.eurekify.keyStore.password

     It is also possible to use JVM properties for the previous settings (in the eurekify.bat file):
     

     set JAVA_OPTS=%JAVA_OPTS% -Djavax.net.ssl.keyStorePassword=changeit 
     set JAVA_OPTS=%JAVA_OPTS% -Djavax.net.ssl.trustStore="eurekify-jboss/server/eurekify/conf/keystore.txt"
     

   You have configured Active Directory with SSL using a personal keystore.