Applies to:

Symptom:

The connection to LDAP cannot be established using SecureLDAP or connection to SMTP Host cannot be established using secure connection

Cause:

Usually a self-signed SSL certificate is installed on LDAP or SMTP server, which cannot be trusted by Java

Solution:

Import the LDAP or SMTP SSL certificate to Java keystore of Cryptshare Installation Linux Server

• copy the SSL certificate in x.509 format (.cer, .crt, .pem) to the folder /root
• log in as root on the appliance
• change into Java folder and change the permissions for keytool

cd /opt/cryptshare-3/jre/bin/
chmod +x keytool

• import the SSL certificate

./keytool -import -trustcacerts -keystore ../lib/security/cacerts -alias <sitename> -file <SSL Certificate>

where <alias> is the name of LDAP or SMTP server and <SSL Certificate> is the certificate inclusive the path, e.g.  /root/LDAP-SSL-certificate.crt or /root/SMTP-SSL-certificate.crt The default password for the JAVA certificate storage  is changeit

• restart Cryptshare service

systemctl restart cryptshare (use rccryptshare restart up to and including v.7.1) 

Windows Server

• copy the SSL certificate in x.509 format (.cer, .crt, .pem) to the server
• open command line
• change into Cryptshare Java folder

cd <Cryptshare installation folder>\jre\bin

• import the SSL certificate

keytool.exe -import -trustcacerts -keystore ..\lib\security\cacerts -alias <sitename> -file <SSL Certificate>

where <alias> is the name of LDAP server and <SSL Certificate> is the certificate inclusive the path, e.g.  <User Desktop>\LDAP-SSL-certificate.crt or <User Desktop>\SMTP-SSL-certificate.crt The default password for the JAVA certificate storage  is changeit

• restart Cryptshare service

Now the SecureLDAP connection should work fine.