...
The usage of SSL is required when making the LDAP connection from Ubisecure SSO to Active Directory. First the SSL certificate needs to be created for example by using the Microsoft Certificate Authority. Then it needs to be added to both the Ubisecure SSO and Ubisecure CustomerID servers by adding it to the trusted certificates in the Java Runtime Environments. In Windows the Java certificate storage is by default in the following file:
%JRE_HOME%\lib\security\cacerts
The Active Directory certificate can be added to the Java certificate store using the keytool command. Here are example commands for Windows and Linux installations:
| Code Block | ||||
|---|---|---|---|---|
| ||||
cd %JRE_HOME%\lib\security set keytool="%JRE%JAVA_HOME%\bin\keytool.exe" %keytool% -importcert -keystore cacerts -trustcacerts -alias mytrustedca -file <insert filename here> -storepass changeit |
...
| Code Block | ||||
|---|---|---|---|---|
| ||||
cd $JRE_HOME/lib/security keytool -importcert -keystore cacerts -trustcacerts -alias mytrustedca -file <insert filename here> -storepass changeit |
...