Comment: Published by Scroll Versions from space IDS and version 8.2

SSL Certificate

NOTE: It is possible to set up Windows to enforce SSL client certificate authentication (which may be the default behavior). This can be controlled by modifying the registry entry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ldap\ldapclientintegrity.

...

The Active Directory certificate can be added to the Java certificate store using the keytool command. Here are example commands for Windows and Linux installations: 

Listing 1. Windows:
cd /d "C:\Program Files\Ubisecure\ubilogin-sso\"
setenv.cmd
cd /d "%JRE_HOME%\lib\security"
keytool -importcert -keystore cacerts -trustcacerts -alias mytrustedca -file <insert filename here> -storepass changeit


Listing 2. Linux:
cd /usr/local/ubisecure/ubilogin-sso/
. setenv.sh
cd "$JRE_HOME/lib/security"
keytool -importcert -keystore cacerts -trustcacerts -alias mytrustedca -file <insert filename here> -storepass changeit
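
Importing a certificate into cacerts makes the JVM trust everything that CA signs, so it is worth confirming the file is the intended Active Directory CA first. The following is an added example, not part of the product documentation: a shell wrapper around the Linux listing that compares the certificate's SHA-256 fingerprint with a value obtained separately (assumed here to come from the AD administrators) before importing. The function names are hypothetical; the alias and store password are the ones used in the listings above.

```shell
# Added example: pin the AD CA certificate by SHA-256 fingerprint before trusting it.
# Run from $JRE_HOME/lib/security after sourcing setenv.sh, as in Listing 2.
# Usage: import_pinned_ca <certificate file> '<expected SHA-256 fingerprint>'

# Strip colons and whitespace and upper-case the hex so that
# "ab:cd..." and "ABCD..." compare equal.
normalize_fp() {
    printf '%s' "$1" | tr -d ': \t\r\n' | tr 'a-f' 'A-F'
}

# Read `keytool -printcert` or `keytool -list -v` output on stdin and
# print the value of its "SHA256:" fingerprint line.
extract_sha256() {
    sed -n 's/^[[:space:]]*SHA256:[[:space:]]*//p' | head -n 1
}

# Succeed only if both values are the same 64-digit hex fingerprint.
# An empty or malformed value never matches, so a failed extraction
# cannot be mistaken for a successful check.
fp_matches() {
    _fp_a=$(normalize_fp "$1")
    _fp_b=$(normalize_fp "$2")
    case "$_fp_a" in
        ''|*[!0-9A-F]*) return 1 ;;
    esac
    [ "${#_fp_a}" -eq 64 ] && [ "$_fp_a" = "$_fp_b" ]
}

# Verify the fingerprint, import the certificate, then read it back from the store.
import_pinned_ca() {
    _ca_file=$1
    _ca_expected=$2
    _ca_actual=$(keytool -printcert -file "$_ca_file" | extract_sha256)
    if ! fp_matches "$_ca_actual" "$_ca_expected"; then
        echo "Fingerprint mismatch for $_ca_file: got '$_ca_actual', not importing" >&2
        return 1
    fi
    # -noprompt is acceptable here because the fingerprint was checked above.
    keytool -importcert -noprompt -keystore cacerts -trustcacerts \
        -alias mytrustedca -file "$_ca_file" -storepass changeit || return 1
    # Confirm that the stored entry is the certificate that was verified.
    _ca_stored=$(keytool -list -v -keystore cacerts -alias mytrustedca \
        -storepass changeit | extract_sha256)
    fp_matches "$_ca_stored" "$_ca_expected"
}
```
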

AD Integration User

A dedicated user should be created in Active Directory so it can be used when performing the LDAP bind.
The user must have the following privileges set for Active Directory:

...