Configuring Secure SSL Connections
To configure and establish a secure SSL connection, Java requires that a keystore file exist on the application server and that a trusted certificate of the LDAP server be imported into the keystore. The certificate should be in base-64 encoded X.509 format.
To create a keystore file, you can use the Keytool utility (Key and Certificate Management Tool), which is part of the standard Java distribution. See the Oracle documentation for more information about keytool.
To configure a secure SSL connection
1. Create a keystore and generate a key pair (public and private key) using the syntax:
keytool -genkey -keystore keystore_file -keyalg RSA
Make a note of the keystore password.
2. Import the trusted certificate of the LDAP server using the syntax:
keytool -import -keystore keystore_file -alias ldap_server_alias -file ldap_server_certificate
3. Pass a pointer to the keystore file and keystore password to OneData.
4. To import data using LDAP, complete the following steps.
a. On the Menu toolbar, click Administer > System > System Properties.
b. In the General properties, complete Trusted keystore (for SSL) and Trusted keystore password (for SSL).
c. Click Save.
5. To use the ldaploginmodule, update the login configuration parameters for all repositories:
a. Navigate to the <Software AG_directory>\profiles\ODE\configuration directory and open the com.softwareag.jaas.realm.pid-<Repository Name>JaasConfig.properties file.
b. Set javax.net.ssl.trustStore to the path of the keystore file.
c. Set javax.net.ssl.trustStorePassword to the keystore password.
Note:
Alternatively, you can omit the parameter definition in the login configuration and pass the javax.net.ssl.trustStore and javax.net.ssl.trustStorePassword parameters from the command line when starting the application server. For example, if the keystore file is /opt/onedata/keystore, you would enter -Djavax.net.ssl.trustStore=/opt/onedata/keystore -Djavax.net.ssl.trustStorePassword=secret.
d. Save and close the file.
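
One way to check the result of the procedure above before pointing OneData at the keystore, as an added example that is not part of the original documentation or of OneData: it confirms that the alias from step 2 is a trusted certificate entry that is currently valid and, if a host is given, performs a TLS handshake that trusts only this keystore. The class name TrustStoreCheck, the KEYSTORE_PASSWORD environment variable and the default port 636 (standard LDAPS) are assumptions of this example.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

// Added example (hypothetical class name), not OneData code.
// Usage: java TrustStoreCheck <keystore_file> <ldap_server_alias> [ldaps_host [port]]
// The keystore password is read from the KEYSTORE_PASSWORD environment
// variable (a name assumed for this example).
public class TrustStoreCheck {
    public static void main(String[] args) throws Exception {
        String pw = System.getenv("KEYSTORE_PASSWORD");
        if (args.length < 2 || pw == null) {
            System.err.println("usage: KEYSTORE_PASSWORD=... java TrustStoreCheck "
                    + "<keystore_file> <ldap_server_alias> [ldaps_host [port]]");
            System.exit(2);
        }
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream in = new FileInputStream(args[0])) {
            ks.load(in, pw.toCharArray()); // fails on a wrong password or a damaged file
        }
        // Step 2 must have produced a trusted certificate entry under this alias.
        if (!ks.isCertificateEntry(args[1])) {
            throw new IllegalStateException(
                    "alias missing or not a trusted certificate entry: " + args[1]);
        }
        X509Certificate cert = (X509Certificate) ks.getCertificate(args[1]);
        cert.checkValidity(); // throws if the certificate is expired or not yet valid
        System.out.println("trusted: " + cert.getSubjectX500Principal()
                + ", expires " + cert.getNotAfter());
        if (args.length < 3) return;

        // Handshake with the LDAP server, trusting only the entries in this keystore.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        int port = args.length > 3 ? Integer.parseInt(args[3]) : 636;
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(args[2], port)) {
            SSLParameters p = s.getSSLParameters();
            p.setEndpointIdentificationAlgorithm("LDAPS"); // also verify the host name
            s.setSSLParameters(p);
            s.startHandshake(); // throws SSLHandshakeException if the server is not trusted
            System.out.println("handshake OK: " + s.getSession().getProtocol());
        }
    }
}
```

A failed handshake here means the imported certificate does not match the chain or host name the LDAP server presents, which is the same failure OneData would hit at connection time.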