If you are using LDAP over SSL/TLS, you must import an LDAP certificate to the local
trust store before you can configure LDAP for user provisioning. The certificate is needed to
establish secure communication between the OpenPages® with Watson™ servers and
your LDAP over SSL/TLS server.
Before you begin
The target LDAP server from which you are going to retrieve the certificate must be running and
listening on the port.
Procedure
- Get the certificate from your LDAP server by using your browser or openssl.
- Import the certificate by running this command:
keytool -importcert -v -alias <CERTIFICATE_ALIAS> -file <CERTIFICATE_NAME> -keystore <STORE_PATH> -storetype PKCS12 -storepass <STORE_PASSWORD>
Where:
- <CERTIFICATE_ALIAS> is an alias for the certificate.
- <CERTIFICATE_NAME> is the file name of the certificate.
- <STORE_PATH> is the full path and file name of the trust store on the
application server. For example:
<OP_HOME>/wlp-usr/servers/<server_name>Server<#>/resources/security/key.p12
- <STORE_PASSWORD> is the password of the trust store on the application
server.
For more information, see Adding trusted certificates in Liberty in the WebSphere®
Liberty documentation.
- Restart the OpenPages with Watson application
services.
- Repeat these steps on each application server.
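The procedure above as a script, added here as an example and not IBM's own tooling: it retrieves the certificate that the LDAP server presents with openssl, prints its SHA-256 fingerprint so that it can be confirmed with the LDAP administrator before it is trusted, and then imports it with the keytool flags shown above. The function names, the script arguments and the STORE_PASSWORD environment variable (read through keytool's -storepass:env modifier) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not IBM tooling. Arguments and STORE_PASSWORD are assumptions.

# Keep only the first PEM certificate block from `openssl s_client` output.
extract_pem() {
    awk '/-----BEGIN CERTIFICATE-----/ { keep = 1 }
         keep { print }
         /-----END CERTIFICATE-----/ { exit }'
}

# fetch_ldap_cert <host> <port> <cert_file>: save the certificate the server presents.
fetch_ldap_cert() {
    openssl s_client -connect "$1:$2" </dev/null 2>/dev/null | extract_pem > "$3"
    [ -s "$3" ] || { echo "no certificate received from $1:$2" >&2; return 1; }
}

# show_cert <cert_file>: print the fields to compare with the LDAP administrator.
show_cert() {
    openssl x509 -in "$1" -noout -subject -issuer -enddate -fingerprint -sha256
}

# import_cert <alias> <cert_file> <store_path>: same keytool flags as above, but
# the password comes from the STORE_PASSWORD environment variable so that it
# does not appear in the process list; the second call confirms the new entry.
import_cert() {
    keytool -importcert -v -alias "$1" -file "$2" -keystore "$3" \
        -storetype PKCS12 -storepass:env STORE_PASSWORD &&
    keytool -list -alias "$1" -keystore "$3" \
        -storetype PKCS12 -storepass:env STORE_PASSWORD
}

# Runs only when called as:
#   sh import-ldap-cert.sh <ldap_host> <port> <alias> <cert_file> <store_path>
if [ "$#" -eq 5 ]; then
    fetch_ldap_cert "$1" "$2" "$4" || exit 1
    show_cert "$4" || exit 1
    printf 'Does this match the fingerprint from the LDAP administrator? [y/N] '
    read -r answer
    [ "$answer" = "y" ] || { echo "import cancelled" >&2; exit 1; }
    import_cert "$3" "$4" "$5"
fi
```

Export STORE_PASSWORD in the shell session before you run the script, and unset it when the import is finished.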