Configuring self-signed certificates to secure LDAPS connection

Establish secure LDAPS connections with self-signed certificates to protect confidential data.

About this task

IBM Spectrum® Discover supports LDAPS domain connections with LDAP servers that are deployed with trusted (CA signed) certificates. To use self-signed certificates, you need to add the self-signed certificate to the IBM Spectrum Discover keystone pod trusted certificates list.

Procedure

  1. Copy the self-signed certificate to the following directory, which is accessible to the keystone pod:
    /opt/ibm/metaocean/data/keystone/cacerts/ 
    If the cacerts directory is not available, you must create the directory.
  2. Run the certificate update script within the keystone pod by using the following command:
    oc exec <spectrum-discover-keystone-pod-name> /update-cacerts.sh
  3. Recycle the keystone pod by using the following command:
    oc delete pod <spectrum-discover-keystone-pod-name>
    Note: Change the certificate on IBM Spectrum Discover AD-server to 2048-bit. This secures the LDAPS domain connection.
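
A pre-flight check that can be run on the certificate before step 1, as an added example that is not part of the IBM documentation: it confirms the file is a PEM certificate whose subject and issuer match, that it is not about to expire, and that its key meets the 2048-bit size from the note above. The function names check_ldaps_cert and make_sample_cert are hypothetical, and the script assumes an RSA certificate and the openssl command-line tool.

```shell
# Added example: checks to run on a certificate before copying it to
# /opt/ibm/metaocean/data/keystone/cacerts/ (the directory named in step 1).
# check_ldaps_cert and make_sample_cert are hypothetical helpers, not IBM tools.

# Usage: check_ldaps_cert <cert.pem> [min_key_bits]; returns 0 when all checks pass.
check_ldaps_cert() {
    cert=$1
    min_bits=${2:-2048}

    # 1. The file must parse as a PEM-encoded X.509 certificate.
    if ! openssl x509 -in "$cert" -noout 2>/dev/null; then
        echo "FAIL: $cert is not a PEM X.509 certificate" >&2
        return 1
    fi

    # 2. A self-signed certificate names itself as issuer (names compared only;
    #    the signature is not verified here).
    subject=$(openssl x509 -in "$cert" -noout -subject -nameopt RFC2253 | sed 's/^subject=//')
    issuer=$(openssl x509 -in "$cert" -noout -issuer -nameopt RFC2253 | sed 's/^issuer=//')
    if [ "$subject" != "$issuer" ]; then
        echo "FAIL: subject and issuer differ (issuer: $issuer)" >&2
        return 2
    fi

    # 3. Reject a certificate that is expired or expires within 24 hours.
    if ! openssl x509 -in "$cert" -noout -checkend 86400 >/dev/null; then
        echo "FAIL: certificate is expired or expires within 24 hours" >&2
        return 3
    fi

    # 4. Key size, read from the "Public-Key: (2048 bit)" line of the text dump.
    bits=$(openssl x509 -in "$cert" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit.*/\1/p' | head -n 1)
    if [ -z "$bits" ] || [ "$bits" -lt "$min_bits" ]; then
        echo "FAIL: key is ${bits:-unknown} bits, need at least $min_bits" >&2
        return 4
    fi

    echo "OK: ${bits}-bit key, subject matches issuer, not expiring"
    openssl x509 -in "$cert" -noout -fingerprint -sha256
}

# Constructed sample input: a throwaway self-signed RSA certificate for trying the check.
make_sample_cert() {  # usage: make_sample_cert <existing-dir>
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=ldaps.example.test" -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}
```

Compare the printed SHA-256 fingerprint with the one shown on the LDAP server itself before running update-cacerts.sh, because adding a self-signed certificate to the trusted list means trusting exactly that certificate.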