Configuring LDAP with SSL

This procedure describes how to configure LDAP with SSL/TLS by adding the CA-signed LDAP certificate to the JRE trusted CA (cacerts) keystore.

To configure LDAP with SSL:

  1. Import the CA certificate that signed the LDAP directory’s certificate, by running the following:

    <MFT JRE>/keytool -importcert -keystore <MFT JRE>/lib/security/cacerts -file <certificate> -alias <unique name>

    EXAMPLE: /home/ctmagent/ctm/cm/AFT/JRE_LINK/bin/keytool -v -importcert -keystore /home/ctmagent/ctm/cm/AFT/JRE_LINK/lib/security/cacerts -file /p/qadata/LDAP/tlvldap.cer -alias myldap

  2. At the password prompt, type changeit.
  3. Modify the LDAP Server URL parameter to use LDAPS, as described in LDAP Settings for Internal Users (default SSL port is 636).

    EXAMPLE: ldaps://tlv-ldp-srv.bmc.com:636

  4. Restart the Hub.
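
A post-change check for the procedure above, as an added example that is not part of the product documentation: it confirms that the alias is present in cacerts as a trusted entry and that the directory completes a verified TLS handshake on the LDAPS URL. The function names are hypothetical, the CA file is assumed to be PEM-encoded, and `openssl` is assumed to be installed.

```shell
# Added example: post-import checks for the LDAPS procedure (not product code).
# Function names are hypothetical; IPv6 literals in the URL are not handled.

# ldaps_hostport URL: print host:port; fail unless the scheme is ldaps://
ldaps_hostport() {
    case "$1" in
        ldaps://*) ;;
        *) echo "not an ldaps:// URL: $1" >&2; return 1 ;;
    esac
    hp=${1#ldaps://}
    hp=${hp%%/*}                          # drop any base DN after the authority
    [ -n "$hp" ] || { echo "no host in URL: $1" >&2; return 1; }
    case "$hp" in
        *:*) printf '%s\n' "$hp" ;;
        *)   printf '%s:636\n' "$hp" ;;  # default SSL port named in step 3
    esac
}

# alias_is_trusted KEYTOOL KEYSTORE ALIAS [STOREPASS]
# Succeeds only if ALIAS is listed in KEYSTORE as a trusted certificate entry.
alias_is_trusted() {
    [ -x "$1" ] || { echo "keytool not executable: $1" >&2; return 2; }
    [ -r "$2" ] || { echo "keystore not readable: $2" >&2; return 2; }
    "$1" -list -keystore "$2" -storepass "${4:-changeit}" -alias "$3" 2>/dev/null \
        | grep -q 'trustedCertEntry'
}

# handshake_ok URL CA_PEM
# Connects to the directory and fails unless the server chain verifies against
# CA_PEM and the certificate matches the host name in the URL.
handshake_ok() {
    target=$(ldaps_hostport "$1") || return 1
    [ -r "$2" ] || { echo "CA file not readable: $2" >&2; return 2; }
    openssl s_client -connect "$target" -CAfile "$2" \
        -verify_hostname "${target%:*}" -verify_return_error \
        </dev/null >/dev/null 2>&1
}

# Typical use after step 4, with the values from steps 1 and 3:
#   alias_is_trusted "<MFT JRE>/keytool" "<MFT JRE>/lib/security/cacerts" myldap
#   handshake_ok ldaps://tlv-ldp-srv.bmc.com:636 /path/to/ca.pem
```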
