Importing an SSL certificate into DSTrustStore

Follow this solution to configure your DocuShare Server to communicate with LDAP over SSL.

If the site requires Secure Socket Layer (SSL), you must import a certificate to the DSTrustStore file in DocuShare.

To place the certificate .cer file into the DSTrustStore file:

1. Copy the .cer file to the DocuShare directory containing the DSTrustStore file jdk\jre\lib\security.
2. Open a command prompt window and navigate to the directory containing dstruststore.
   
   C:\>CD\Xerox\Docushare\jdk\jre\lib\security
   C:\Xerox\DocuShare\jdk\jre\lib\security\dir
   Volume in drive C is Local Disk
   Volume in Serial Number is 508B-0D2F
   Directory of C:\Xerox\DocuShare\jdk\jre\lib\security
   18-11-02 15:55 <DIR> -
   18-11-02 15:55 <DIR> --
   02-10-02 12:25 7,365 cacerts
   02-10-02 12:26 589 dstruststore
   02-10-02 12:26 2,271 java.policy
   02-10-02 12:26 4,115 java.security
   10-11-02 15:43 844 SLL_Cert4LDAP.cer
   5 Files(s) 15,184 bytes
   2 Dir(s) 1,486,024,704 bytes free
   C:\Xerox\DocuShare\jdk\jre\lib\security
3. At the command prompt, enter the set PATH command to set the PATH environment
   variable. Use set PATH=%PATH%;<your DocuShare directory>\jdk\jre\bin.
   
   C:\Xerox\Docushare\jdk\jre\lib\security>set PATH=%PATH%;C:\Xerox\DocuShare\jdk\jre\bin
4. After you have set the PATH variable, at the command prompt, enter keytool, without arguments.
5. The Keytool Utility help appears. The Keytool Utility places the SSL certificate in the DSTrustStore.
6. At the command prompt, enter the keytool utility command keytool -import -alias <alias_name> -file <cert_file> -keystore dstruststore
   
   Replace <alias_name> with a unique name for the certificate file.
   
   Replace <cert_file> with the name of the certificate file (.cer) that you exported and copied to the directory containing the dstruststore file.Press Enter to start the command. A request for a password appears.

7. Enter password and press Enter.
   
   C:\Xerox\Docushare\jdk\jre\lib\security>keytool -import -alias Test

LDAPss1 -file SDL_Cert4LDAP.cer -keystore dstruststore

Enter keystore password: password

Owner: OU=EFS File Encryption Certificate, L=EFS,

CN=Administrator

Issuer: OU=EFS File Encryption Certificate, L=EFS, CN=Administrator

Serial number: 5ee8abd44c2cd2b14ffbee159f03d354

Valid from: Tue Feb 19 10:57:21 PST 2012 until: Thu Jan 26 10:57:21

PST 2102

Certificate fingerprints:

MD5: 78:C7:A3:04:32:69:EB:97:76:FE:F4:8A:11:A2:65:26

SHA1: 02:DD:9A:BE:BE:DE:3C:AA:22:AE:14:9A:F2:F2:5B:11:61:6D:5A:5F

Trust this certificate? [no]: yes

Certificate was added to keystore

C:\Xerox\DocuShare\jdk\jre\lib\security>

8.     8.  Examine the screen output to ensure that Keytool successfully added the certificate to the keystore. If Keytool completed the operation, your DocuShare server is now ready to use the certificate for SSL.

9.     9.  Once you have finished importing the certificate, reboot your DocuShare server.

10.  10. Once the certificate has been successfully added to the DSTrustStore for DocuShare, you will need to verify that the correct port is configured for LDAP and the SSL checkbox selected in your Admin Home | LDAP Configuration on DocuShare.

Solution Published: October 22, 2018

Solution ID: 1966

Keywords:

LDAP SSL

LDAPS