Configure User Management for an SSL-enabled LDAP server
For synchronization to work properly over LDAPS, the LDAP
certificates that the certificate authority (CA) issued must be
present in the application server’s Java runtime environment (JRE).
Import the certificate into the application server’s JRE cacerts
file, which is usually in the [JAVA_HOME]/jre/lib/security/cacerts directory.
Enable SSL on the directory server. For details, see
the documentation provided by your directory vendor.
Export a client certificate from the directory server.
Use the keytool program to import the client certificate
file into the default Java virtual machine (JVM™)
certificate store of the LiveCycle application server. The procedure
for this task varies, depending on your JVM and client installation
paths. For example, if you use BEA WebLogic Server with
JDK 1.5, from a command prompt, type this text:
keytool -import -alias alias -file certificatename -keystore C:\bea\jdk15_04\jre\lib\security\cacerts
When prompted, type the password. (For Java, the default
password is changeit.) A message appears stating
that the certificate is imported successfully.
When prompted, type Yes to trust the certificate.
Enable SSL in User Management and, when configuring the directory
settings, select Yes for the SSL option and change the port setting
accordingly. The default port number is 636.
Note: If you experience any problems using SSL, use
an LDAP browser to check whether it can access the LDAP system when
using SSL. If the LDAP browser cannot get access, your certificate
or application server is not configured properly. If the LDAP browser
works correctly and you are still experiencing problems, User Management is
not configured properly.