Using the Sun Business Process Manager Worklist Manager for User Activities

Configuring Secure Sockets Layer

By default, communications between the Repository and the LDAP server are unencrypted. You can configure the LDAP server and Worklist Manager to use Secure Sockets Layer (SSL).

Procedure: To encrypt communications between the Repository and the LDAP server

  1. Configure SSL on the LDAP server.

    Ensure that the LDAP server is configured to use the Secure Sockets Layer (SSL). For detailed instructions, see the documentation provided with the LDAP server.

  2. Export the LDAP server certificate to a file.

  3. Import the LDAP server certificate into the Repository’s list of trusted certificates. The following steps use the keytool program, which is included with the Repository (as well as with the Java SDK).

  4. From a command prompt, navigate to <JavaCAPS_home>\repository\1.5.0_10\jre\bin.

  5. Run the following command:

    keytool -import -trustcacerts -alias alias -file certificate_filename -keystore cacerts_filename

    For the -alias option, assign any value; it is simply the name under which the certificate is stored in the keystore.

    For the -file option, specify the fully qualified name of the LDAP server certificate. For example:

    C:\ldap\mycertificate.cer

    For the -keystore option, specify the fully qualified name of the cacerts file, located in <JavaCAPS_home>\repository\1.5.0_10\jre\lib\security. For example:

    C:\JavaCAPS51\repository\1.5.0_10\jre\lib\security\cacerts

  6. When prompted, enter the keystore password. The default password is changeit.

  7. When prompted whether to trust this certificate, enter yes.

    The following message appears:

    Certificate was added to keystore

  8. In the Realm element of the server.xml file, modify the URL of the LDAP server as follows:

    1. Set the protocol to ldaps.

    2. Set the port number to the port number that the LDAP server listens on for SSL requests. Typically, this number is 636.

      For example:

      <Realm className="org.apache.catalina.realm.JNDIRealm" connectionURL="ldaps://myldapserver:636">
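To verify that the Realm change in step 8 was applied, and to flag any JNDIRealm in server.xml that still points at an unencrypted ldap:// URL, here is an added Python example; it is not part of the Sun documentation. It assumes the default LDAPS port 636 and the sample host name myldapserver from the procedure above, and that the Realm attributes are named as shown (className, connectionURL).

```python
"""Audit and rewrite JNDIRealm connectionURL values in a server.xml file.

Added example, not from the Sun documentation. Port 636 is assumed as the
LDAPS port; the sample server.xml below is constructed for illustration.
"""
from urllib.parse import urlsplit, urlunsplit
import xml.etree.ElementTree as ET

LDAPS_PORT = 636
JNDI_REALM = "org.apache.catalina.realm.JNDIRealm"


def to_ldaps(url: str, port: int = LDAPS_PORT) -> str:
    """Rewrite ldap://host[:port] to ldaps://host:<port>; ldaps:// URLs are unchanged."""
    parts = urlsplit(url)
    if parts.scheme == "ldaps":
        return url
    if parts.scheme != "ldap" or parts.hostname is None:
        raise ValueError(f"not an LDAP URL with a host: {url!r}")
    host = parts.hostname  # normalised to lower case by urlsplit
    if ":" in host:        # IPv6 literal: restore the brackets urlsplit stripped
        host = f"[{host}]"
    return urlunsplit(("ldaps", f"{host}:{port}", parts.path, parts.query, parts.fragment))


def find_plaintext_realms(xml_text: str) -> list:
    """Return connectionURL values of JNDIRealm elements still using plain ldap://."""
    root = ET.fromstring(xml_text)
    return [
        r.get("connectionURL") for r in root.iter("Realm")
        if r.get("className") == JNDI_REALM
        and (r.get("connectionURL") or "").startswith("ldap://")
    ]


def secure_realms(xml_text: str) -> tuple:
    """Rewrite every plaintext JNDIRealm URL to ldaps; return (new_xml, count_changed)."""
    root = ET.fromstring(xml_text)
    changed = 0
    for realm in root.iter("Realm"):
        url = realm.get("connectionURL")
        if realm.get("className") == JNDI_REALM and url and url.startswith("ldap://"):
            realm.set("connectionURL", to_ldaps(url))
            changed += 1
    return ET.tostring(root, encoding="unicode"), changed


# Constructed sample: a Realm as it looks before step 8 (plain LDAP on 389).
SAMPLE_SERVER_XML = """<Server><Service><Engine>
<Realm className="org.apache.catalina.realm.JNDIRealm" connectionURL="ldap://myldapserver:389"/>
</Engine></Service></Server>"""

if __name__ == "__main__":
    print("plaintext realms:", find_plaintext_realms(SAMPLE_SERVER_XML))
    fixed_xml, count = secure_realms(SAMPLE_SERVER_XML)
    print(f"rewrote {count} realm(s):\n{fixed_xml}")
```

Run it against a copy of server.xml before swapping the file in; a non-empty result from find_plaintext_realms after the edit means the URL was not changed in the Realm element the server actually reads.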