Re: howto: LDAP SSL ? (273 Views)
Reply
Occasional Contributor
evgenyk
Posts: 4
Registered: ‎04-23-2013
Message 1 of 5 (288 Views)
Accepted Solution

howto: LDAP SSL ?

[ Edited ]

Can HPA Accept LDAPs that use self-signed certificate? 

I have OpenLDAP that configured with SSL with local certificate.

I've changed the parameters of config file to SSL = true and port = 636, but in BSF log I see that connection failed.

Is this something that I've missed?

Honored Contributor
Yossi_Gutin
Posts: 209
Registered: ‎04-04-2013
Message 2 of 5 (273 Views)

Re: howto: LDAP SSL ?

[ Edited ]

Hi
Yes, you can use self-signed certificate.


You need to bring server certificate and store it in the HPA JVM by running the following JMX with LDAP hostname and secure port as parameters:

jmx-console -> diamond -> CertificateJMX service, fetching certificate from trusted server

 

--------------------------------------------------------------------------------------
If some answer solves your problem, please mark it as a solution.
Occasional Contributor
evgenyk
Posts: 4
Registered: ‎04-23-2013
Message 3 of 5 (248 Views)

Re: howto: LDAP SSL ?

Thanks a lot, I'll give it a try!

Occasional Contributor
evgenyk
Posts: 4
Registered: ‎04-23-2013
Message 4 of 5 (244 Views)

Re: howto: LDAP SSL ?

I've checked the Scripts directory and there is no such batch file "add-server-certificate.bat"...
Also, where the should I put LDAP server PEM file on the HPA machine?
Honored Contributor
Yossi_Gutin
Posts: 209
Registered: ‎04-04-2013
Message 5 of 5 (237 Views)

Re: howto: LDAP SSL ?

Sorry, the batch file does not exist in HPA, please use JMX console instead:

jmx-console -> diamond -> CertificateJMX service, fetching certificate from trusted server

 

I will update the original answer

--------------------------------------------------------------------------------------
If some answer solves your problem, please mark it as a solution.
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.