CKB:Adding LDAP or SMTP SSL certificate to the list of trusted certificates on the Cryptshare server: Unterschied zwischen den Versionen
(Imported from text file) |
Keine Bearbeitungszusammenfassung |
||
| (Eine dazwischenliegende Version von einem anderen Benutzer wird nicht angezeigt) | |||
| Zeile 12: | Zeile 12: | ||
= Solution: = | = Solution: = | ||
=== Method 1) Using the Windows GUI: === | |||
The simplest way to install certificates is to download and install a program called Keystore Explorer to import your certificate into the keystore. The default password for the keystore is "changeit" | |||
=== Method 2) Using the Command Line: === | |||
Import the LDAP or SMTP SSL certificate to Java keystore of Cryptshare Installation | Import the LDAP or SMTP SSL certificate to Java keystore of Cryptshare Installation | ||
'''Linux Server''' | '''Linux Server''' | ||
| Zeile 24: | Zeile 27: | ||
The default password for the JAVA certificate storage is '''changeit''' | The default password for the JAVA certificate storage is '''changeit''' | ||
* restart Cryptshare service | * restart Cryptshare service | ||
rccryptshare restart | '''systemctl restart cryptshare''' (use '''rccryptshare restart''' up to and including v.7.1) | ||
'''Windows Server''' | '''Windows Server''' | ||
* copy the SSL certificate in x.509 format (.cer, .crt, .pem) to the server | * copy the SSL certificate in x.509 format (.cer, .crt, .pem) to the server | ||
Aktuelle Version vom 6. Mai 2025, 08:17 Uhr
Applies to:
Symptom:
The connection to LDAP cannot be established using SecureLDAP or connection to SMTP Host cannot be established using secure connection
Cause:
Usually a self-signed SSL certificate is installed on LDAP or SMTP server, which cannot be trusted by Java
Solution:
Method 1) Using the Windows GUI:
The simplest way to install certificates is to download and install a program called Keystore Explorer to import your certificate into the keystore. The default password for the keystore is "changeit"
Method 2) Using the Command Line:
Import the LDAP or SMTP SSL certificate to Java keystore of Cryptshare Installation Linux Server
- copy the SSL certificate in x.509 format (.cer, .crt, .pem) to the folder /root
- log in as root on the appliance
- change into Java folder and change the permissions for keytool
cd /opt/cryptshare-3/jre/bin/ chmod +x keytool
- import the SSL certificate
./keytool -import -trustcacerts -keystore ../lib/security/cacerts -alias <sitename> -file <SSL Certificate>
where <alias> is the name of LDAP or SMTP server and <SSL Certificate> is the certificate inclusive the path, e.g. /root/LDAP-SSL-certificate.crt or /root/SMTP-SSL-certificate.crt The default password for the JAVA certificate storage is changeit
- restart Cryptshare service
systemctl restart cryptshare (use rccryptshare restart up to and including v.7.1)
Windows Server
- copy the SSL certificate in x.509 format (.cer, .crt, .pem) to the server
- open command line
- change into Cryptshare Java folder
cd <Cryptshare installation folder>\jre\bin
- import the SSL certificate
keytool.exe -import -trustcacerts -keystore ..\lib\security\cacerts -alias <sitename> -file <SSL Certificate>
where <alias> is the name of LDAP server and <SSL Certificate> is the certificate inclusive the path, e.g. <User Desktop>\LDAP-SSL-certificate.crt or <User Desktop>\SMTP-SSL-certificate.crt The default password for the JAVA certificate storage is changeit
- restart Cryptshare service
Now the SecureLDAP connection should work fine.