...

As the Management Console establishes a connection with LDAPS through JSSE (Java Secure Socket Extension), the truststore/keystore used by JSSE needs to contain a certificate signed by the CA (Certificate Authority) used to sign the LDAPS certificate. By default the Management Console uses the JRE (Java Runtime Environment) truststore. This truststore is located under <jre_dir>\lib\security and its name is cacerts.

To allow the connection to the LDAPS to be secured, the Root CA certificate and Intermediate CA certificate need to be imported to the cacerts truststore. To do this, the command-line based keytool, which comes with the JRE, needs to be used. A user manual covering the use of keytool is available for Windows, and a separate one for Solaris and Unix-based systems.

To list all the certificates present in the cacerts truststore the following command should be run:

...

Here it is assumed that the JRE is located under the c:\Program Files\Java\jre1.8.0_151 folder, and that the password for the default truststore is changeit; this password is the default for this truststore and might be changed if necessary.

To import the certificates signed by the CA which issued the certificate for LDAPS, the following command should be executed:

...

Following the successful import of the certificates into the truststore, the Blancco Management Console service will need to be restarted. Once completed, the authentication of AD user accounts over LDAPS will be possible.
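
The import sequence described above, written out as an added PowerShell example (it is not taken from the original page or from Blancco documentation). The JRE path and truststore password are the ones stated on this page; the certificate file paths and aliases are hypothetical placeholders. It backs up cacerts, shows each certificate's fingerprint for an out-of-band comparison before trusting it, imports it, and confirms the alias is present.

```powershell
# Added example. Run from an elevated prompt: cacerts sits under Program Files.
$jre     = 'C:\Program Files\Java\jre1.8.0_151'   # JRE location stated on the page
$keytool = Join-Path $jre 'bin\keytool.exe'
$cacerts = Join-Path $jre 'lib\security\cacerts'
$storePw = 'changeit'                             # default truststore password

# Hypothetical file names and aliases; the root CA is imported first so the
# intermediate can chain to it.
$certs = @(
    @{ Alias = 'example-root-ca';         File = 'C:\certs\root-ca.cer' },
    @{ Alias = 'example-intermediate-ca'; File = 'C:\certs\intermediate-ca.cer' }
)

# Keep a timestamped copy so a bad import can be rolled back.
$backup = "$cacerts.bak-$(Get-Date -Format yyyyMMddHHmmss)"
Copy-Item -Path $cacerts -Destination $backup
Write-Host "Truststore backed up to $backup"

foreach ($c in $certs) {
    # Print subject, issuer, validity and fingerprints of the file on disk.
    & $keytool -printcert -file $c.File
    if ($LASTEXITCODE -ne 0) { throw "Cannot read certificate file $($c.File)" }

    # Compare the fingerprint with the value supplied by the CA administrator
    # through a separate channel before adding a new trust anchor.
    $answer = Read-Host "Does the fingerprint of '$($c.Alias)' match the expected value? (yes/no)"
    if ($answer -ne 'yes') {
        Write-Warning "Skipping $($c.Alias): fingerprint not confirmed."
        continue
    }

    & $keytool -importcert -trustcacerts -noprompt `
        -alias $c.Alias -file $c.File `
        -keystore $cacerts -storepass $storePw
    if ($LASTEXITCODE -ne 0) { throw "Import of $($c.Alias) failed" }

    # Confirm the entry is now in the truststore.
    & $keytool -list -alias $c.Alias -keystore $cacerts -storepass $storePw
    if ($LASTEXITCODE -ne 0) { throw "Alias $($c.Alias) not found after import" }
}
```

A JRE update can replace cacerts, so the import may need to be repeated after upgrading Java.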