Configure secure communication

You can encrypt the communication between ARIS and the LDAP server.

To do so, you have two mutually exclusive options:

Prerequisite

STARTTLS

You can use STARTTLS to configure encrypted communication between ARIS and the LDAP server.

Procedure

  1. Click Application launcher Application launcher > Administration Administration. The Administration opens with the Configuration Configuration view.

  2. Click User management.

  3. Click the arrow next to LDAP.

  4. Click the arrow next to the relevant LDAP server.

  5. Click Connection.

  6. Click Edit Edit.

  7. Configure the URL for the LDAP system. To do so, enter the URL as in the Server URL field, for example:

    ldap://hqgc.mycompany.com:3168.

  8. Configure the fallback URL of the LDAP backup system in the Server URL (fallback) field. This backup system takes over automatically if the LDAP server cannot be reached via its primary URL.

  9. Enable Use SSL.

  10. Select STARTTLS from the SSL mode list.

  11. ARIS must trust the LDAP server used. Therefore, we recommend that you use the LDAP server with a certificate signed by a public certification authority. If your certificate is signed by a public certification authority and stored in the list of trustworthy certificates of your JRE, you do not need to configure anything else.

  12. Upload LDAP truststore file.

    You can upload the truststore file.

    Prerequisite

    You have the Technical configuration administrator function privilege.

    Procedure

    1. Click Application launcher Application launcher > Administration Administration. The Administration opens with the Configuration Configuration view.

    2. Click User Management.

    3. Click the arrow next to LDAP.

    4. Click General settings.

    5. Click Truststore. You must have generated a truststore file.

    6. Click Upload Upload. The Truststore dialog opens. Select the truststore file you want to use and click Upload.

    7. Select the relevant file.

    You have uploaded a truststore file

SSL

Procedure

  1. Start ARIS.

  2. Click Application launcher Application launcher > Administration Administration. The Configuration Configuration view is shown.

  3. Click User management.

  4. Click the arrow next to LDAP.

  5. Click the arrow next to the relevant LDAP server.

  6. Click Connection.

  7. Click Edit Edit.

  8. Configure the URL for the LDAP system. To do so, enter the URL as in the Server URL field, for example:

    ldap://hqgc.mycompany.com:3168.

  9. Configure the fallback URL of the LDAP backup system in the Server URL (fallback) field. This backup system takes over automatically if the LDAP server cannot be reached via its primary URL.

  10. Enable Use SSL.

  11. Select SSL from the SSL mode list.

  12. ARIS must trust the LDAP server used. Therefore, we recommend that you use the LDAP server with a certificate signed by a public certification authority. If your certificate is signed by a public certification authority and stored in the list of trustworthy certificates of your JRE, you do not need to configure anything else.

  13. Upload LDAP truststore file

    You can upload the truststore file.

    Prerequisite

    You have the Technical configuration administrator function privilege.

    Procedure

    1. Click Application launcher Application launcher > Administration Administration. The Administration opens with the Configuration Configuration view.

    2. Click User Management.

    3. Click the arrow next to LDAP.

    4. Click General settings.

    5. Click Truststore. You must have generated a truststore file.

    6. Click Upload Upload. The Truststore dialog opens. Select the truststore file you want to use and click Upload.

    7. Select the relevant file.

    You have uploaded a truststore file