Applies to:

All versions of Cryptshare Server


Symptom:

The connection to LDAP cannot be established using SecureLDAP.

Cause:

Usually a self-signed SSL certificate is installed on the LDAP server, and Java does not trust it.

Solution:

Import the LDAP SSL certificate into the Java keystore of the Cryptshare installation.

Linux Server

  • copy the SSL certificate in X.509 format (.cer, .crt, .pem) to the folder /root
  • log in as root on the appliance
  • change into the Java folder and change the permissions for keytool

    cd /opt/cryptshare-3/jre/bin/
    chmod +x keytool


  • import the SSL certificate

    ./keytool -import -trustcacerts -keystore ../lib/security/cacerts -alias <sitename> -file <SSL Certificate>

    where <sitename> is the alias (the name of the LDAP server) and <SSL Certificate> is the certificate file including its path, e.g. /root/LDAP-SSL-certificate.crt
    The default password for the Java certificate store is changeit

  • restart the Cryptshare service

    rccryptshare restart
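
The Linux steps above import whatever certificate file was copied to /root. The following added example (not part of the original Cryptshare article) compares the file's SHA-256 fingerprint with a value obtained from the LDAP administrator before importing, then lists the stored entry. The script name, the function names and the use of openssl are assumptions; the keytool and cacerts paths are the ones from the steps above.

```bash
#!/bin/sh
# Added example: check a certificate's SHA-256 fingerprint, then import it.
# Usage: sh import-ldap-cert.sh <sitename> <certificate file> <expected SHA-256>
# keytool and cacerts locations are taken from the Linux steps above.
KEYTOOL=/opt/cryptshare-3/jre/bin/keytool
CACERTS=/opt/cryptshare-3/jre/lib/security/cacerts

# Reduce a fingerprint to bare upper-case hex so "ab:cd" and "ABCD" compare equal.
normalize_fp() {
    printf '%s' "$1" | tr -d ': \n' | tr 'a-f' 'A-F'
}

# Print the SHA-256 fingerprint of an X.509 certificate file (PEM, then DER).
cert_fp() {
    fp_out=$(openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null) ||
    fp_out=$(openssl x509 -inform DER -in "$1" -noout -fingerprint -sha256 2>/dev/null) ||
    return 1
    normalize_fp "${fp_out#*=}"   # openssl prints "<label> Fingerprint=AA:BB:..."
}

# Return 0 only if the file's fingerprint equals the expected value.
fp_matches() {
    fp_actual=$(cert_fp "$1") || return 2
    [ "$fp_actual" = "$(normalize_fp "$2")" ]
}

# Verify first, import second, then list the stored entry for a final check.
import_ldap_cert() {
    if ! fp_matches "$2" "$3"; then
        echo "Fingerprint mismatch or unreadable certificate: $2" >&2
        return 1
    fi
    # keytool prompts for the keystore password and for confirmation.
    "$KEYTOOL" -import -trustcacerts -keystore "$CACERTS" -alias "$1" -file "$2" || return 1
    "$KEYTOOL" -list -v -keystore "$CACERTS" -alias "$1"
}

# Run only when called with the three arguments; defining the functions is harmless.
if [ "$#" -eq 3 ]; then
    import_ldap_cert "$@"
fi
```

The expected fingerprint should come from a channel other than the one that delivered the certificate file, since an entry in cacerts is trusted by every TLS connection the Cryptshare JRE makes.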


Windows Server

  • copy the SSL certificate in X.509 format (.cer, .crt, .pem) to the server
  • open a command line
  • change into the Cryptshare Java folder

    cd <Cryptshare installation folder>\jre\bin


  • import the SSL certificate

    keytool.exe -import -trustcacerts -keystore ..\lib\security\cacerts -alias <sitename> -file <SSL Certificate>

    where <sitename> is the alias (the name of the LDAP server) and <SSL Certificate> is the certificate file including its path, e.g. <User Desktop>\LDAP-SSL-certificate.crt
    The default password for the Java certificate store is changeit

  • restart the Cryptshare service

Now the SecureLDAP connection should work fine.

