Re: howto: LDAP SSL ? (218 Views)
Reply
Occasional Contributor
evgenyk
Posts: 4
Registered: ‎04-23-2013
Message 1 of 5 (233 Views)
Accepted Solution

howto: LDAP SSL ?

[ Edited ]

Can HPA Accept LDAPs that use self-signed certificate? 

I have OpenLDAP that configured with SSL with local certificate.

I've changed the parameters of config file to SSL = true and port = 636, but in BSF log I see that connection failed.

Is this something that I've missed?

Please use plain text.
Honored Contributor
Yossi_Gutin
Posts: 209
Registered: ‎04-04-2013
Message 2 of 5 (218 Views)

Re: howto: LDAP SSL ?

[ Edited ]

Hi
Yes, you can use self-signed certificate.


You need to bring server certificate and store it in the HPA JVM by running the following JMX with LDAP hostname and secure port as parameters:

jmx-console -> diamond -> CertificateJMX service, fetching certificate from trusted server

 

--------------------------------------------------------------------------------------
If some answer solves your problem, please mark it as a solution.
Please use plain text.
Occasional Contributor
evgenyk
Posts: 4
Registered: ‎04-23-2013
Message 3 of 5 (193 Views)

Re: howto: LDAP SSL ?

Thanks a lot, I'll give it a try!

Please use plain text.
Occasional Contributor
evgenyk
Posts: 4
Registered: ‎04-23-2013
Message 4 of 5 (189 Views)

Re: howto: LDAP SSL ?

I've checked the Scripts directory and there is no such batch file "add-server-certificate.bat"...
Also, where the should I put LDAP server PEM file on the HPA machine?
Please use plain text.
Honored Contributor
Yossi_Gutin
Posts: 209
Registered: ‎04-04-2013
Message 5 of 5 (182 Views)

Re: howto: LDAP SSL ?

Sorry, the batch file does not exist in HPA, please use JMX console instead:

jmx-console -> diamond -> CertificateJMX service, fetching certificate from trusted server

 

I will update the original answer

--------------------------------------------------------------------------------------
If some answer solves your problem, please mark it as a solution.
Please use plain text.
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation