CKB:Adding LDAP or SMTP SSL certificate to the list of trusted certificates on the Cryptshare server

Aus Cryptshare Documentation
Wechseln zu:Navigation, Suche


Applies to:

All versions of Cryptshare Server

Symptom:

The connection to LDAP cannot be established using SecureLDAP or connection to SMTP Host cannot be established using secure connection

Cause:

Usually a self-signed SSL certificate is installed on LDAP or SMTP server, which cannot be trusted by Java

Solution:

Import the LDAP or SMTP SSL certificate to Java keystore of Cryptshare Installation Linux Server

  • copy the SSL certificate in x.509 format (.cer, .crt, .pem) to the folder /root
  • log in as root on the appliance
  • change into Java folder and change the permissions for keytool
cd /opt/cryptshare-3/jre/bin/
chmod +x keytool
  • import the SSL certificate
./keytool -import -trustcacerts -keystore ../lib/security/cacerts -alias <sitename> -file <SSL Certificate>

where <alias> is the name of LDAP or SMTP server and <SSL Certificate> is the certificate inclusive the path, e.g.  /root/LDAP-SSL-certificate.crt or /root/SMTP-SSL-certificate.crt The default password for the JAVA certificate storage  is changeit

  • restart Cryptshare service
rccryptshare restart

Windows Server

  • copy the SSL certificate in x.509 format (.cer, .crt, .pem) to the server
  • open command line
  • change into Cryptshare Java folder
cd <Cryptshare installation folder>\jre\bin
  • import the SSL certificate
keytool.exe -import -trustcacerts -keystore ..\lib\security\cacerts -alias <sitename> -file <SSL Certificate>

where <alias> is the name of LDAP server and <SSL Certificate> is the certificate inclusive the path, e.g.  <User Desktop>\LDAP-SSL-certificate.crt or <User Desktop>\SMTP-SSL-certificate.crt The default password for the JAVA certificate storage  is changeit

  • restart Cryptshare service

Now the SecureLDAP connection should work fine.