Configure Active Directory with SSL Using a Personal Keystore

Use the following instructions if you want to configure Active Directory with SSL using a personal keystore.

  1. Install OpenSSL.
  2. Run the following command:

    openssl s_client -connect AD_server:636

  3. Copy the following output (inclusive) to a certificate TXT file (cert.txt in the following steps):
    -----BEGIN CERTIFICATE-----
    to
    -----END CERTIFICATE-----
  4. Verify the certificate by running the following command:

    keytool -printcert -file cert.txt

  5. Locate the JBoss server.keystore file under the following CA GovernanceMinder server directory:

    eurekify-jboss/server/eurekify/conf

  6. Add the certificate to the keystore with the following command:

    "%JAVA_HOME%\bin\keytool" -import -file cert.txt -keystore server.keystore -storepass 123456

  7. Set the following properties in the server:

    It is also possible to use JVM properties for the previous settings (in the eurekify.bat file):
    set JAVA_OPTS=%JAVA_OPTS% -Djavax.net.ssl.keyStorePassword=changeit
    set JAVA_OPTS=%JAVA_OPTS% -Djavax.net.ssl.trustStore="eurekify-jboss/server/eurekify/conf/keystore.txt"
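
Added example (not part of the CA documentation): `openssl s_client` in step 2 prints whatever certificate the server presents without establishing trust in it, so before the import in step 6 compare the certificate's SHA-256 fingerprint with one obtained from the Active Directory administrator. This Python script performs the extraction from step 3 and computes the fingerprint in the colon-separated form that `keytool -printcert` shows; the sample output, host name and function names are constructed for illustration.

```python
import base64
import hashlib
import re
import ssl

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\r?\n.+?\r?\n-----END CERTIFICATE-----",
    re.DOTALL,
)

def extract_pem(s_client_output: str) -> str:
    """Return the first certificate block (the server's own), markers included."""
    match = PEM_RE.search(s_client_output)
    if match is None:
        raise ValueError("no certificate block in s_client output")
    return match.group(0).replace("\r\n", "\n") + "\n"

def sha256_fingerprint(pem: str) -> str:
    """SHA-256 over the DER bytes, as colon-separated upper-case hex."""
    der = ssl.PEM_cert_to_DER_cert(pem)
    return ":".join(f"{b:02X}" for b in hashlib.sha256(der).digest())

def matches_expected(pem: str, expected_hex: str) -> bool:
    """Compare with a fingerprint obtained out of band (hex, any case, colons optional)."""
    def norm(value: str) -> str:
        return re.sub(r"[^0-9A-Fa-f]", "", value).upper()
    return norm(sha256_fingerprint(pem)) == norm(expected_hex)

# Constructed sample: the body is placeholder bytes, not a real certificate,
# and ad.example.test is a made-up host name.
SAMPLE_BODY = base64.b64encode(
    b"constructed placeholder, not a real certificate"
).decode()
SAMPLE_OUTPUT = (
    "CONNECTED(00000003)\n---\nCertificate chain\n"
    " 0 s:CN = ad.example.test\n---\nServer certificate\n"
    "-----BEGIN CERTIFICATE-----\n" + SAMPLE_BODY + "\n"
    "-----END CERTIFICATE-----\nsubject=CN = ad.example.test\n---\n"
)

if __name__ == "__main__":
    pem = extract_pem(SAMPLE_OUTPUT)
    print(pem, end="")              # what goes into cert.txt
    print(sha256_fingerprint(pem))  # compare before running keytool -import
```

Import the certificate only when `matches_expected` returns `True` for the fingerprint supplied by the administrator.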