SSL Ldap integration for NA 9 (Network Automation 9) (353 Views)
Reply
Super Advisor
Click
Posts: 560
Registered: ‎03-29-2010
Message 1 of 3 (353 Views)

SSL Ldap integration for NA 9 (Network Automation 9)

Hi,

We are using NA 9.
We are trying to make SSL Ldap integration.
But we get the below error.

Failure connecting to server ldap11.xxxx.com: [simple bind failed: ldap11.xxxx.com:636]

We also tried to make not-ssl ldap over port 389. It is working. But SSL is not working. We uploaded the certificate to NA 9 server.
Please use plain text.
Super Advisor
Click
Posts: 560
Registered: ‎03-29-2010
Message 2 of 3 (353 Views)

Re: SSL Ldap integration for NA 9 (Network Automation 9)

Hi,

I found below error in logs.

Certificate contains unsupported critical extensions: [2.5.29.17]
Please use plain text.
Occasional Advisor
Chad Koppold
Posts: 5
Registered: ‎09-25-2009
Message 3 of 3 (209 Views)

Re: SSL Ldap integration for NA 9 (Network Automation 9)

IMPLEMENTING:

1. At a Windows command prompt, go to:
<install directory>\jre\bin
2. Enter: keytool -import -file PATH_TO_THE_CERT_FILE -alias ADSCert -keystore ../../
server/ext/jboss/server/default/conf/truecontrol.keystore

The keystore password is “sentinel”

Replace the PATH_TO_THE_CERT_FILE with the absolute path of the HEB_RootCA_v2.cert and HEB_Infrastructure_CA_v1.cer files

3. Enter: keytool -import -file PATH_TO_THE_CERT_FILE -alias ADSCert -keystore ../../
server/ext/jboss/server/default/conf/truecontrol.truststore

The keystore password is “sentinel”

Replace the PATH_TO_THE_CERT_FILE with the absolute path of the HEB_RootCA_v2.cert and HEB_Infrastructure_CA_v1.cer files


4.Restart NA with the Services Applet (or /etc/init.d/truecontrol script on Solaris or
Linux). If you restart NA from the UI, the keystore changes will not be loaded.

Please use plain text.
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation