Previous Topic: Enable LDAPS AuthenticationNext Topic: Validate LDAP Settings

Setting Up LDAP AuthenticationEnable LDAPS AuthenticationImport the LDAP Certificate

Import the LDAP Certificate

To run with LDAPS, you must import an LDAP certificate into the Java keystore.

If you do not already have an SSL certificate, you can generate one using the keytool command. This procedure explains how to import a self-signed certificate and install it in the keystore.

Follow these steps:

  1. Obtain the certificate from the LDAP server administrator.
  2. Import the certificate into the Java Trusted Certificates keystore using the following command: 
    keytool -importcert -keystore installDirectory/jre/lib/security/cacerts -storepass cacertspasswd -alias capcSelfSigned -file filename.cer
    cacertspasswd

    Specifies the password for the cacerts keystore.

    Default: changeit

    filename.cer

    The filename of the certificate.

  3. Create a backup of the cacerts file.
  4. (Optional) For more security, change the password of the java trusted certificates keystore using the following command: 
     keytool -storepasswd -keystore installDirectory/jre/lib/security/cacerts

    You are prompted to provide the existing password and the new password.

  5. Verify that your imported keystore is available. Use the following command: 
    keytool -list -keystore installDirectory/jre/lib/security/cacerts

    Important! To enable the web services, the self-signed certificate must be in the cacerts keystore. Otherwise, you see an error in the log that reports that PKIX did not find a certificate.