

(Optional) Configure Active Directory with SSL Using a Personal Keystore

You configure Active Directory with SSL using a personal keystore.

Follow these steps:
  1. Download and install OpenSSL 1.0.1e from the OpenSSL website.
  2. Open a command prompt and enter the following command:
    openssl s_client -connect AD_server:636
    

    Note: AD_server is the Active Directory server address.

    For example: openssl s_client -connect my_ad_server.ca.com:636.

  3. Copy the following section of the output (inclusive) to a certificate TXT file, from:
    -----BEGIN CERTIFICATE-----
    to
    -----END CERTIFICATE-----
  4. Verify the certificate by running the following command:
    keytool -printcert -file cert.txt
    
  5. Locate the JBoss server.keystore file under the following directory:
    eurekify-jboss/server/eurekify/conf
    
  6. Add the certificate to the keystore with the following command:
    "%JAVA_HOME%\bin\keytool" -import -file cert.txt -keystore server.keystore -storepass 123456
    
  7. Set the following properties in the server:
    sage.security.eurekify.keyStore.file

    Defines the keystore file path.

    Default: none

    sage.security.eurekify.keyStore.password

    Defines the server keystore password.

    Default: none

    Note: (Windows) Alternatively, you can set Java Virtual Machine (JVM) properties (located in the eurekify.bat file):

    set JAVA_OPTS=%JAVA_OPTS% -Djavax.net.ssl.keyStorePassword=changeit 
    set JAVA_OPTS=%JAVA_OPTS% -Djavax.net.ssl.trustStore="eurekify-jboss/server/eurekify/conf/keystore.txt"
    

    You have configured Active Directory with SSL using a personal keystore.
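
The certificate copied in steps 2 and 3 is whatever the connection returned, so it is worth comparing its fingerprint with one obtained from the Active Directory administrator before importing it in step 6. The following is an added example, not part of the product documentation: it extracts the certificate block from saved s_client output and computes the SHA-256 fingerprint in the colon-separated form keytool uses. The function names and the sample transcript are assumptions made for the illustration.

```python
import base64
import hashlib
import re

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"
# One PEM block as printed by `openssl s_client`; tolerates CRLF line endings.
PEM_RE = re.compile(re.escape(BEGIN) + r"\s*(.*?)\s*" + re.escape(END), re.DOTALL)


def extract_certificates(s_client_output):
    """Return the DER bytes of every complete certificate block, server first."""
    ders = []
    for body in PEM_RE.findall(s_client_output):
        # validate=True rejects stray characters left by a bad copy and paste.
        ders.append(base64.b64decode("".join(body.split()), validate=True))
    return ders


def sha256_fingerprint(der):
    """SHA-256 over the DER bytes, as upper-case hex pairs joined by colons."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def to_pem(der):
    """Re-encode DER bytes as a clean PEM block suitable for cert.txt."""
    b64 = base64.b64encode(der).decode("ascii")
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([BEGIN, *rows, END]) + "\n"


# Constructed sample: placeholder bytes, not a certificate keytool would parse.
SAMPLE_DER = bytes(range(100))
SAMPLE = (
    "CONNECTED(00000003)\n---\nServer certificate\n"
    + to_pem(SAMPLE_DER)
    + "subject=/CN=my_ad_server.ca.com\n---\n"
)

if __name__ == "__main__":
    certs = extract_certificates(SAMPLE)
    if not certs:
        raise SystemExit("no complete BEGIN/END CERTIFICATE block found")
    print(sha256_fingerprint(certs[0]))  # compare before running step 6
    print(to_pem(certs[0]), end="")      # content to save as cert.txt
```

A transcript that was cut off before the END line yields no certificates, which catches an incomplete copy before keytool is run.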