Configure secure communication between ARIS and LDAP server

You can encrypt the communication between ARIS and the LDAP server.

To do so, you have two options, STARTTLS and SSL, of which only one may be enabled:

Prerequisite

STARTTLS

You can use STARTTLS to configure an encrypted communication between ARIS and the LDAP server.

Procedure

  1. Click Configuration.
  2. Search for the following strings and configure them:

    com.aris.umc.ldap.url=ldaps://<myldapserver>:<myport>

    com.aris.umc.ldap.ssl=true

    com.aris.umc.ldap.ssl.mode=starttls

  3. ARIS must trust the LDAP server used. Therefore, we recommend that the LDAP server use a certificate signed by a public certification authority. If your certificate is signed by a public certification authority and stored in the list of trusted certificates of your JRE, you do not need to configure anything else.
  4. Self-signed certificates must be manually installed and added to the list of trusted certificates of your JRE.

    Import a self-signed certificate into your ARIS Design Server JRE, for example, ...server/jre.

    keytool.exe -importcert -file <mycertificate> -keystore %JAVA_HOME%/jre/lib/security/cacerts -storepass changeit

SSL

Procedure

  1. Click Configuration.
  2. Click the arrow next to LDAP.
  3. Select the relevant LDAP server.
  4. Click Connection.
  5. Find the following strings:

    com.aris.umc.ldap.url=ldap://<myldapserver>:<myport>

    com.aris.umc.ldap.ssl=true

    com.aris.umc.ldap.ssl.mode=ssl

  6. ARIS must trust the LDAP server used. Therefore, we recommend that the LDAP server use a certificate signed by a public certification authority. If your certificate is signed by a public certification authority and stored in the list of trusted certificates of your JRE, you do not need to configure anything else.
  7. Self-signed certificates must be manually installed and added to the list of trusted certificates of your JRE.

    Import a self-signed certificate into your ARIS Design Server JRE, for example, ...server/jre.

    keytool.exe -importcert -file <mycertificate> -keystore %JAVA_HOME%/jre/lib/security/cacerts -storepass changeit
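
The following Python script is an added example, not part of ARIS or its documentation. It checks the three settings used in the STARTTLS and SSL procedures above for values that leave encryption disabled or ambiguous. It assumes the settings have been copied into key=value text; the function names, sample host and port are constructed for illustration.

```python
from urllib.parse import urlsplit

PREFIX = "com.aris.umc.ldap."
MODES = {"ssl", "starttls"}  # the two options this page describes

# Constructed sample settings (host and port are made up).
GOOD = """\
com.aris.umc.ldap.url=ldaps://ldap.example.com:636
com.aris.umc.ldap.ssl=true
com.aris.umc.ldap.ssl.mode=starttls
"""
BAD = """\
com.aris.umc.ldap.url=ldap://<myldapserver>:<myport>
com.aris.umc.ldap.ssl=false
com.aris.umc.ldap.ssl.mode=ssl
com.aris.umc.ldap.ssl.mode=starttls
"""

def parse_properties(text):
    """Parse key=value lines and collect keys that occur more than once."""
    props, duplicates = {}, set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key in props:
            duplicates.add(key)
        props[key] = value
    return props, duplicates

def check_ldap_tls(text):
    """Return findings for the three LDAP settings; an empty list means none."""
    props, duplicates = parse_properties(text)
    findings = [f"{key} is set more than once" for key in sorted(duplicates)]
    if props.get(PREFIX + "ssl", "") != "true":
        findings.append(PREFIX + "ssl is not true, so encryption is not enabled")
    mode = props.get(PREFIX + "ssl.mode", "")
    if mode not in MODES:
        findings.append(f"{PREFIX}ssl.mode={mode!r} is neither ssl nor starttls")
    url = props.get(PREFIX + "url", "")
    if "<" in url or ">" in url:
        findings.append(PREFIX + "url still contains a <placeholder>")
    elif urlsplit(url).scheme not in ("ldap", "ldaps") or not urlsplit(url).hostname:
        findings.append(f"{PREFIX}url={url!r} is not an ldap:// or ldaps:// URL with a host")
    return findings

if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_ldap_tls(sample) or "no findings")
```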
