If you are using LDAP over SSL/TLS, you must import an LDAP certificate into the local
truststore before you can configure LDAP for user provisioning. The certificate is needed to
establish secure communication between the OpenPages® servers and
your LDAP over SSL/TLS server.
Before you begin
The target LDAP server from which you are going to retrieve the certificate must be running and
listening on the port.
Procedure
- Get the certificate from your LDAP server by using your browser or openssl.
- Import the certificate by running this command:

    keytool -importcert -v -alias <CERTIFICATE_ALIAS> -file <CERTIFICATE_NAME> -keystore <STORE_PATH> -storetype PKCS12 -storepass <STORE_PASSWORD>

  Where:
  - <CERTIFICATE_ALIAS> is an alias for the certificate.
  - <CERTIFICATE_NAME> is the file name of the certificate.
  - <STORE_PATH> is the full path and file name of the truststore on the application server. For example:
    <OP_HOME>/wlp-usr/servers/<server_name>Server<#>/resources/security/key.p12
  - <STORE_PASSWORD> is the password of the truststore on the application server.

  For more information, see Adding trusted certificates in Liberty in the WebSphere® Liberty documentation.
- Restart the OpenPages application services.
- Repeat these steps on each application server.
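
The first two steps of the procedure above as a script, with a fingerprint check before the import. This is an added example, not part of the IBM documentation: a certificate fetched over the network is only as trustworthy as that connection, so the script compares its SHA-256 fingerprint with a value obtained from the LDAP administrator through a separate channel. The function names, the host `ldap.example.com`, and port 636 are assumptions.

```shell
#!/bin/sh
# Added example (not from the OpenPages documentation).
# Usage (all values are placeholders):
#   import_ldap_cert ldap.example.com 636 "<EXPECTED_SHA256_FINGERPRINT>" \
#       "<CERTIFICATE_ALIAS>" "<STORE_PATH>" "<STORE_PASSWORD>"

# Print only the first PEM certificate on stdin (the server's own certificate
# comes first in "openssl s_client -showcerts" output).
first_pem() {
  awk '/-----BEGIN CERTIFICATE-----/ { on = 1 }
       on { print }
       /-----END CERTIFICATE-----/ { if (on) exit }'
}

# Save the certificate presented on HOST:PORT to OUTFILE.
fetch_ldap_cert() {  # args: HOST PORT OUTFILE
  openssl s_client -connect "$1:$2" -servername "$1" -showcerts \
      </dev/null 2>/dev/null | first_pem > "$3"
  [ -s "$3" ]        # fail if nothing was captured
}

# Normalize a fingerprint: drop a "label=" prefix and colons, uppercase hex.
norm_fp() {
  printf '%s' "$1" | sed 's/^.*=//' | tr -d ': \n' | tr 'a-f' 'A-F'
}

# Succeed only if CERTFILE's SHA-256 fingerprint equals EXPECTED.
fingerprint_matches() {  # args: CERTFILE EXPECTED
  actual=$(openssl x509 -in "$1" -noout -fingerprint -sha256) || return 1
  [ "$(norm_fp "$actual")" = "$(norm_fp "$2")" ]
}

# Fetch, verify, import, then list the new truststore entry.
import_ldap_cert() {  # args: HOST PORT EXPECTED_FP ALIAS STORE_PATH STORE_PASSWORD
  cert=$(mktemp) || return 1
  fetch_ldap_cert "$1" "$2" "$cert" &&
    fingerprint_matches "$cert" "$3" &&
    keytool -importcert -v -noprompt -alias "$4" -file "$cert" \
        -keystore "$5" -storetype PKCS12 -storepass "$6" &&
    keytool -list -alias "$4" -keystore "$5" -storetype PKCS12 -storepass "$6"
  rc=$?
  rm -f "$cert"
  return "$rc"
}
```

`-noprompt` is used only because the fingerprint has already been checked; without that check, leave it out and compare the fingerprint that keytool displays before you accept the certificate.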