Enabling LDAP to authenticate users with SSL
To communicate with a directory server over Secure Sockets Layer (SSL), you must add the directory server's public certificate, or the public certificate of the certificate authority that issued it, to the cacerts keystore file. Without that entry the SSL handshake fails, because BMC Atrium Single Sign-On cannot verify the server.
If you also want the directory server to validate the client (mutual SSL), you must add the client's public certificate (or the public certificate of the client's certificate authority) together with the corresponding private key to the clientcerts keystore file.
To enable LDAP to authenticate users with SSL automatically
With BMC Atrium Single Sign-On 9.0.00, you can import the SSL certificate from the directory server automatically. In the LDAP editor, select the Import SSL Certificate check box. The certificate is then downloaded from the directory server and imported into the server truststore and keystore files. Restart the BMC Atrium Single Sign-On server to apply the change. Because the import takes whatever certificate the server presents at that moment, confirm that the fingerprint of the imported certificate matches the one published by the directory administrator before relying on it.
To enable LDAP to authenticate users with SSL manually
- Launch JExplorer, connect to the LDAP server over SSL, and obtain the certificate that the server presents. Click View Certificate and export the certificate to a file.
- To import the certificate into the truststore and keystore files of the BMC Atrium Single Sign-On server, download and install KeyStore Explorer. Go to [ATSSO_HOME]/tomcat/conf and open the truststore file in KeyStore Explorer.
- Enter the truststore password and click Import.
- Select the file that contains the exported certificate and click Import.
- Click OK in the certificate details window.
- Enter a certificate alias or accept the default.
- If the import succeeds, a confirmation message appears and the imported certificate is listed.
- Close the window and save the changes to the file.
- Repeat the same steps for the keystore file, then restart the BMC Atrium Single Sign-On server to apply the changes.
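The following is an added example, not BMC's code, covering both the automatic import described above and the manual steps: it fetches the certificate an LDAPS server presents, checks its SHA-256 fingerprint against a value obtained out of band, and only then stages the PEM file for a keytool import into the truststore and keystore in [ATSSO_HOME]/tomcat/conf. The host name, alias, install path, store password and expected fingerprint are assumptions; the placeholder certificate bytes are constructed so the fingerprint functions can be exercised offline.

```python
# Added example (not BMC's code): fetch the LDAPS server certificate, verify
# its fingerprint against an out-of-band value, then import it with keytool.
# Host, alias, install path, store password and expected fingerprint are
# assumptions, not values taken from the BMC documentation.
import hashlib
import hmac
import socket
import ssl
import subprocess
from pathlib import Path

ATSSO_HOME = "/opt/bmc/atsso"  # assumed install path, i.e. [ATSSO_HOME]


def fetch_server_cert_pem(host: str, port: int = 636, timeout: float = 10.0) -> str:
    """Return the leaf certificate the LDAPS server presents, PEM-encoded.

    Verification is off for this fetch on purpose: the server is not trusted
    yet, and the goal is only to obtain its certificate. The automatic
    'Import SSL Certificate' option does the same thing, which is why the
    fingerprint check in pin_matches() must run before anything is imported.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
    return ssl.DER_cert_to_PEM_cert(der)


def sha256_fingerprint(pem: str) -> str:
    """SHA-256 over the DER bytes as colon-separated uppercase hex, the form
    KeyStore Explorer and 'openssl x509 -fingerprint -sha256' display."""
    der = ssl.PEM_cert_to_DER_cert(pem)
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def pin_matches(pem: str, expected_fingerprint: str) -> bool:
    """Compare with the fingerprint the directory administrator published.
    Colons, spaces and letter case are ignored; comparison is constant-time."""
    def norm(s: str) -> str:
        return s.replace(":", "").replace(" ", "").upper()
    return hmac.compare_digest(norm(sha256_fingerprint(pem)), norm(expected_fingerprint))


def stage_for_import(pem: str, expected_fingerprint: str, out_path: str) -> str:
    """Write the PEM to out_path only if the fingerprint check passes (fail closed)."""
    if not pin_matches(pem, expected_fingerprint):
        raise ValueError("fingerprint mismatch: server presents %s, expected %s; "
                         "refusing to stage the certificate"
                         % (sha256_fingerprint(pem), expected_fingerprint))
    Path(out_path).write_text(pem)
    return out_path


def keytool_import_command(pem_path: str, alias: str, keystore: str, storepass: str) -> list:
    """Command-line equivalent of the KeyStore Explorer import step. -noprompt is
    safe here only because the fingerprint was already checked by stage_for_import()."""
    return ["keytool", "-importcert", "-noprompt", "-trustcacerts",
            "-alias", alias, "-file", pem_path,
            "-keystore", keystore, "-storepass", storepass]


def import_into(pem_path: str, alias: str, keystore: str, storepass: str) -> None:
    subprocess.run(keytool_import_command(pem_path, alias, keystore, storepass), check=True)


# Constructed placeholder so the fingerprint functions can run offline. These are
# NOT the bytes of a real X.509 certificate; use fetch_server_cert_pem() in practice.
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(b"constructed placeholder, not a real certificate")


if __name__ == "__main__":
    # Assumed values. EXPECTED must come from the directory administrator, not
    # from the same connection the certificate is fetched over.
    HOST = "ldap.example.com"
    EXPECTED = "<SHA-256 fingerprint published by the directory admin>"
    pem = fetch_server_cert_pem(HOST)
    print("server presents", sha256_fingerprint(pem))
    staged = stage_for_import(pem, EXPECTED, "ldap-server.pem")  # raises on mismatch
    for store in ("truststore", "keystore"):  # the page imports into both files
        import_into(staged, "ldap-server", f"{ATSSO_HOME}/tomcat/conf/{store}", "changeit")
```

Run the script on the BMC Atrium Single Sign-On host, then restart the server as the steps above require. The fetch deliberately disables verification, so the only thing standing between you and trusting an impostor is the fingerprint comparison; never skip it or copy the expected value from the output of the same fetch.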