You can encrypt the communication between ARIS and the LDAP server.
To do so, you have two options, of which only one may be enabled:
STARTTLS
This upgrades a connection that was initially unencrypted to an encrypted connection on the same port, without requiring a dedicated port.
SSL
The connection between ARIS and the LDAP server is established using a specific port.
Prerequisite
The LDAP server has a valid SSL certificate and LDAPS is activated.
User Management trusts the LDAP server (the SSL certificate of the LDAP server or the certification authority is stored in the JRE database of trustworthy certificates).
STARTTLS
You can use STARTTLS to configure an encrypted communication between ARIS and the LDAP server.
Procedure
Click Configuration.
Search for the following strings and configure them:
com.aris.umc.ldap.url=ldaps://<myldapserver>:<myport>
com.aris.umc.ldap.ssl=true
com.aris.umc.ldap.ssl.mode=starttls
ARIS must trust the LDAP server used. Therefore, we recommend that you use the LDAP server with a certificate signed by a public certification authority. If your certificate is signed by a public certification authority and stored in the list of trustworthy certificates of your JRE, you do not need to configure anything else.
Self-signed certificates must be installed manually and added to the list of trustworthy certificates of your JRE.
Import a self-signed certificate into your ARIS Server JRE, for example, ...server/jre.
keytool.exe -importcert -file <mycertificate> -keystore %JAVA_HOME%/jre/lib/security/cacerts -storepass changeit
SSL
Procedure
Click Configuration.
Click the arrow next to LDAP.
Click the arrow next to the relevant LDAP server.
Click Connection.
Find the following strings and configure them:
com.aris.umc.ldap.url=ldap://<myldapserver>:<myport>
com.aris.umc.ldap.ssl=true
com.aris.umc.ldap.ssl.mode=ssl
ARIS must trust the LDAP server used. Therefore, we recommend that you use the LDAP server with a certificate signed by a public certification authority. If your certificate is signed by a public certification authority and stored in the list of trustworthy certificates of your JRE, you do not need to configure anything else.
Self-signed certificates must be installed manually and added to the list of trustworthy certificates of your JRE.
Import a self-signed certificate into your ARIS Server JRE, for example, ...server/jre.
keytool.exe -importcert -file <mycertificate> -keystore %JAVA_HOME%/jre/lib/security/cacerts -storepass changeit
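To confirm that the JRE trusts the LDAP server after the keytool import in either procedure above, you can run a small check with that same JRE. This is an added example, not ARIS or vendor code: the class name LdapTlsCheck is hypothetical, and it uses plain JNDI, which may differ from how ARIS itself opens the connection.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.ldap.InitialLdapContext;
import javax.naming.ldap.LdapContext;
import javax.naming.ldap.StartTlsRequest;
import javax.naming.ldap.StartTlsResponse;
import javax.net.ssl.SSLSession;

// Added example (hypothetical class). Compile and run it with the JRE whose
// cacerts you modified:  java LdapTlsCheck <url> <ssl|starttls>
public class LdapTlsCheck {
    public static void main(String[] args) {
        boolean ok = args.length == 2 && (args[1].equals("ssl") || args[1].equals("starttls"));
        // In ssl mode an ldap:// URL would connect without any encryption.
        if (ok && args[1].equals("ssl")) ok = args[0].toLowerCase().startsWith("ldaps://");
        if (!ok) {
            System.err.println("usage: java LdapTlsCheck <url> <ssl|starttls> (ssl needs ldaps://)");
            System.exit(2);
        }
        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, args[0]);
        env.put("com.sun.jndi.ldap.connect.timeout", "5000"); // milliseconds
        LdapContext ctx = null;
        try {
            // With an ldaps:// URL the TLS handshake and certificate validation
            // happen here, against the default truststore of this JRE.
            ctx = new InitialLdapContext(env, null);
            if (args[1].equals("starttls")) {
                // Plain JNDI sends StartTLS on a connection opened with ldap://.
                StartTlsResponse tls =
                        (StartTlsResponse) ctx.extendedOperation(new StartTlsRequest());
                SSLSession session = tls.negotiate(); // validates chain and host name
                System.out.println("StartTLS OK: " + session.getProtocol()
                        + " " + session.getCipherSuite());
                tls.close();
            } else {
                System.out.println("LDAPS OK: server certificate is trusted by this JRE");
            }
        } catch (Exception e) {
            Throwable root = e;
            while (root.getCause() != null) root = root.getCause();
            // An untrusted certificate typically ends in "PKIX path building failed".
            System.err.println("FAILED: " + e + System.lineSeparator() + "  root cause: " + root);
            System.exit(1);
        } finally {
            try { if (ctx != null) ctx.close(); } catch (Exception ignored) { }
        }
    }
}
```

An exit code of 0 means the handshake and certificate validation succeeded; exit code 1 prints the root cause, which distinguishes a missing trust entry from a host name mismatch or an unreachable port.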