Establish secure LDAPS connections with self-signed certificates to protect
confidential data.
About this task
IBM Spectrum® Discover supports LDAPS domain connections with LDAP servers that
are deployed with trusted (CA-signed) certificates. To use self-signed
certificates, you need to add the self-signed certificate to the IBM Spectrum
Discover keystone pod trusted certificates list.
Procedure
- Copy the self-signed certificate to the following directory, which is accessible to the
keystone pod:
/opt/ibm/metaocean/data/keystone/cacerts/
If the cacerts directory is not available, you must create the
directory.
- Run the update certificates script within the keystone pod by using the following
command:
oc exec <spectrum-discover-keystone-pod-name> /update-cacerts.sh
- Recycle the keystone pod by using the following
command:
oc delete pod <spectrum-discover-keystone-pod-name>
Note: Change the certificate on IBM Spectrum Discover AD-server to 2048-bit.
This secures the LDAPS domain connection.
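
A pre-check you can run on the self-signed certificate before copying it in step 1. This is an added example, not part of the IBM documentation. It assumes the openssl command is installed and that the certificate uses an RSA key; the function name check_ldaps_cert is hypothetical. It rejects files that do not parse as X.509, expired certificates, and keys below the 2048 bits called for in the note, then prints the SHA-256 fingerprint for comparison with the certificate on the LDAP server.

```shell
#!/bin/sh
# Added example: validate a self-signed LDAPS certificate before placing it in
# /opt/ibm/metaocean/data/keystone/cacerts/. check_ldaps_cert is a hypothetical name.
MIN_RSA_BITS=2048   # minimum key size, taken from the page's 2048-bit note

check_ldaps_cert() {
    cert=$1

    # The file must parse as an X.509 certificate.
    if ! openssl x509 -in "$cert" -noout 2>/dev/null; then
        echo "FAIL: $cert is not a readable X.509 certificate" >&2
        return 1
    fi

    # Reject certificates that have already expired.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "FAIL: $cert has expired" >&2
        return 1
    fi

    # Extract the public key size from the text dump (assumes an RSA key).
    bits=$(openssl x509 -in "$cert" -noout -text |
           sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p')
    if [ -z "$bits" ] || [ "$bits" -lt "$MIN_RSA_BITS" ]; then
        echo "FAIL: $cert key size is ${bits:-unknown} bits, need >= $MIN_RSA_BITS" >&2
        return 1
    fi

    # Show identity and fingerprint so they can be compared with the
    # certificate that the LDAP server actually presents.
    openssl x509 -in "$cert" -noout -subject -issuer -enddate -fingerprint -sha256
    echo "OK: $cert ($bits-bit key)"
}

# Stand-alone use: sh check_ldaps_cert.sh <certificate-file>
if [ "$#" -gt 0 ]; then
    check_ldaps_cert "$1"
fi
```

If the subject and issuer lines differ, the certificate is not self-signed and was issued by another CA.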