Configure secure communication

You can encrypt the communication between ARIS and the LDAP server.

To do so, you have two mutually exclusive options:

Prerequisite

STARTTLS

You can use STARTTLS to configure encrypted communication between ARIS and the LDAP server.

Procedure

  1. Start ARIS Connect.
  2. Click <user name> and select Administration.
  3. Click Configuration Configuration.
  4. Click User management User management.
  5. Click the arrow next to LDAP.
  6. Select the relevant LDAP server.
  7. Click Connection.
  8. Click Edit Edit.
  9. Configure the URL for the LDAP system. To do so, enter the URL as in the Server URL field, for example:

    ldap://hqgc.mycompany.com:3168.

  10. Configure the path to the backup system in the Server URL (fallback) field. This backup system takes over automatically if the LDAP server cannot be reached via its primary URL.
  11. Enable Use SSL.
  12. Select STARTTLS from the SSL mode list.
  13. ARIS must trust the LDAP server used. Therefore, we recommend that you use the LDAP server with a certificate signed by a public certification authority. If your certificate is signed by a public certification authority and stored in the list of trustworthy certificates of your JRE, you do not need to configure anything else.
  14. Upload LDAP truststore file.

SSL

Procedure

  1. Start ARIS Connect.
  2. Click <user name> and select Administration.
  3. Click Configuration Configuration.
  4. Click User management User management.
  5. Click the arrow next to LDAP.
  6. Select the relevant LDAP server.
  7. Click Connection.
  8. Click Edit Edit.
  9. Configure the URL for the LDAP system. To do so, enter the URL as in the Server URL field, for example:

    ldap://hqgc.mycompany.com:3168.

  10. Configure the path to the backup system in the Server URL (fallback) field. This backup system takes over automatically if the LDAP server cannot be reached via its primary URL.
  11. Enable Use SSL.
  12. Select SSL from the SSL mode list.
  13. ARIS must trust the LDAP server used. Therefore, we recommend that you use the LDAP server with a certificate signed by a public certification authority. If your certificate is signed by a public certification authority and stored in the list of trustworthy certificates of your JRE, you do not need to configure anything else.
  14. Upload LDAP truststore file

See also

Valuable information