...
If an LDAPS connection is used when connecting to the selected external directory then an SSL certificate is required. First the SSL certificate needs to be created for example by using the Microsoft Certificate Authority. Then it needs to be transferred to the Ubisecure server and added to the trusted certificates in the Java Runtime Environment. Note that Ubisecure SSO Server includes its own Java implementation and that is where the certificate needs to be added.In Windows the Java certificate storage that Ubisecure SSO Server uses is by default in the following file:
C:\Program Files\Ubisecure\ubilogin-sso\java\lib\security\cacerts
The certificate can be added to the Java certificate store using the keytool command. Here are is example commands command for Windows and Linux installations when assuming keytool is in the path:
| Code Block | ||||||
|---|---|---|---|---|---|---|
| ||||||
cd /d "C:\Program Files\Ubisecure\ubilogin-sso\"
setenv.cmd
cd %JAVA_HOME%\lib\security
keytool -importcert -keystore cacerts -trustcacerts -alias mytrustedca -file <insert filename here> -storepass changeit | ||||||
| ||||||
cd /usr/local/ubisecure/ubilogin-sso/ ./setenv.sh cd $JAVA_HOME/jre/lib/security keytool -importcert -keystore cacerts -trustcacerts -alias mytrustedca -file <insert filename here> -storepass changeit |
...