Importing an SSL certificate into DSTrustStore
Follow this solution to configure your DocuShare Server to
communicate with LDAP over SSL.
If the site requires Secure Socket Layer (SSL), you must
import a certificate to the DSTrustStore file in DocuShare.
To place the certificate .cer file into the DSTrustStore
file:
- Copy the .cer file
to the DocuShare directory containing the DSTrustStore file jdk\jre\lib\security.
- Open a command
prompt window and navigate to the directory containing dstruststore.
C:\>CD\Xerox\Docushare\jdk\jre\lib\security
C:\Xerox\DocuShare\jdk\jre\lib\security\dir
Volume in drive C is Local Disk
Volume in Serial Number is 508B-0D2F
Directory of C:\Xerox\DocuShare\jdk\jre\lib\security
18-11-02 15:55 <DIR> -
18-11-02 15:55 <DIR> --
02-10-02 12:25 7,365 cacerts
02-10-02 12:26 589 dstruststore
02-10-02 12:26 2,271 java.policy
02-10-02 12:26 4,115 java.security
10-11-02 15:43 844 SLL_Cert4LDAP.cer
5 Files(s) 15,184 bytes
2 Dir(s) 1,486,024,704 bytes free
C:\Xerox\DocuShare\jdk\jre\lib\security
- At the command
prompt, enter the set PATH command to set the PATH environment
variable. Use set PATH=%PATH%;<your DocuShare directory>\jdk\jre\bin.
C:\Xerox\Docushare\jdk\jre\lib\security>set
PATH=%PATH%;C:\Xerox\DocuShare\jdk\jre\bin
- After you have set
the PATH variable, at the command prompt, enter keytool, without arguments.
- The Keytool
Utility help appears. The Keytool Utility places the SSL certificate in
the DSTrustStore.
- At the command prompt, enter the keytool utility command
keytool -import -alias <alias_name> -file <cert_file>
-keystore dstruststore
Replace <alias_name> with a unique name for the certificate
file.
Replace
<cert_file> with the name of the certificate file (.cer) that
you exported and copied to the directory containing the
dstruststore file.Press Enter to start the command. A request for a
password appears.
- Enter password and press Enter.
C:\Xerox\Docushare\jdk\jre\lib\security>keytool -import -alias Test
LDAPss1 -file SDL_Cert4LDAP.cer
-keystore dstruststore
Enter keystore password: password
Owner: OU=EFS File Encryption
Certificate, L=EFS,
CN=Administrator
Issuer: OU=EFS File Encryption
Certificate, L=EFS, CN=Administrator
Serial number:
5ee8abd44c2cd2b14ffbee159f03d354
Valid from: Tue Feb 19 10:57:21 PST
2012 until: Thu Jan 26 10:57:21
PST 2102
Certificate fingerprints:
MD5:
78:C7:A3:04:32:69:EB:97:76:FE:F4:8A:11:A2:65:26
SHA1:
02:DD:9A:BE:BE:DE:3C:AA:22:AE:14:9A:F2:F2:5B:11:61:6D:5A:5F
Trust this certificate? [no]: yes
Certificate was added to keystore
C:\Xerox\DocuShare\jdk\jre\lib\security>
8. 8. Examine the
screen output to ensure that Keytool successfully added the certificate to the
keystore. If Keytool completed the operation, your DocuShare server is now
ready to use the certificate for SSL.
9. 9. Once you
have finished importing the certificate, reboot your DocuShare server.
10. 10. Once the certificate
has been successfully added to the DSTrustStore for DocuShare, you will need to
verify that the correct port is configured for LDAP and the SSL checkbox
selected in your Admin Home | LDAP
Configuration on DocuShare.
Solution Published:
October 22, 2018
Solution ID: 1966
Keywords:
LDAP SSL
LDAPS
|