
We use a central AD server for authentication, and have several different webapps that connect to it via LDAP.

I'm trying to connect a simple webapp running on Tomcat 5.5 on Windows to the AD server via secure ldap (ldaps), but have run into some issues importing the certificate (in this case, a ".cer" file).

All of the documentation I've found refers to importing SSL certs and configuring a connector so that Tomcat can serve HTTPS traffic. How does one import an SSL cert for LDAPS, and then reference the cert in the JNDI entry?

IVR Avenger

1 Answer


I think the keyword you're missing for search purposes is the "cacerts" file, which is manipulated using the Java keytool binary. In a Java/Tomcat environment, cacerts contains a list of Certificate Authority (CA) certificates that are trusted by default (similar to how OSes and web browsers have their own list of trusted CAs).

Your AD domain controller's certificate was likely generated by an internal CA. You need to import this CA certificate (or possibly chain of certificates) into the "cacerts" file that your Tomcat environment is using. Unless your domain controller's certificate is self-signed, you don't need to import its own certificate.

Once the cacerts file trusts the chain of CAs that generated your domain controller's certificate, you should be able to use LDAPS without issue.

Ryan Bolger
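The import procedure the answer describes, as an added worked example (not part of the original question or answer). It assumes the domain CA certificate was exported to `C:\certs\corp-root-ca.cer`, that Tomcat runs on the JDK/JRE at `$env:JAVA_HOME`, that the Windows service is named `Tomcat5`, and that the `cacerts` store still has keytool's default password `changeit`; the alias and the truststore path are arbitrary names chosen for the example. It also shows the alternative of a separate truststore, which many admins prefer so that a JDK upgrade does not silently replace the patched `cacerts`.

```powershell
# Added example, not from the original post. Assumed: CA cert exported to
# C:\certs\corp-root-ca.cer, Tomcat's JVM at $env:JAVA_HOME, service name "Tomcat5".
$JavaHome  = $env:JAVA_HOME
$Keytool   = Join-Path $JavaHome 'bin\keytool.exe'

# In a JDK the store sits under the bundled JRE; a bare JRE install has no 'jre' level.
$CaCerts = Join-Path $JavaHome 'jre\lib\security\cacerts'
if (-not (Test-Path $CaCerts)) { $CaCerts = Join-Path $JavaHome 'lib\security\cacerts' }

$CaFile    = 'C:\certs\corp-root-ca.cer'   # hypothetical path to the exported CA cert (DER or Base64)
$Alias     = 'corp-root-ca'                # hypothetical alias; must be unique within the store
$StorePass = 'changeit'                    # keytool's default cacerts password; use yours if changed

# 1. Inspect what you are about to trust: subject, issuer, validity and fingerprints.
#    Compare the fingerprint with the one shown on the CA itself before trusting it.
& $Keytool -printcert -file $CaFile

# 2. Back up the store, then import the CA certificate as a trusted entry.
#    (-import is the Java 5 spelling; newer keytool also accepts -importcert.)
Copy-Item -Path $CaCerts -Destination "$CaCerts.bak" -Force
& $Keytool -import -trustcacerts -noprompt -alias $Alias -file $CaFile `
           -keystore $CaCerts -storepass $StorePass
if ($LASTEXITCODE -ne 0) { throw "keytool import into $CaCerts failed" }

# 3. Confirm the entry is present. "trustedCertEntry" is what you want to see.
& $Keytool -list -keystore $CaCerts -storepass $StorePass -alias $Alias

# 4. The JVM reads cacerts at startup, so Tomcat must be restarted.
Restart-Service -Name 'Tomcat5'

# Alternative: leave cacerts alone and give Tomcat its own truststore.
# keytool creates the file on first import. The JVM is then pointed at it through
# Java options (tomcat5w.exe > Java tab for the service, or CATALINA_OPTS/JAVA_OPTS
# when starting with catalina.bat). Trust is JVM-wide, not per JNDI entry.
$TrustStore = 'C:\tomcat\conf\ldap-truststore.jks'   # hypothetical path
$TrustPass  = 'changeit'                             # pick a real password for a new store
& $Keytool -import -trustcacerts -noprompt -alias $Alias -file $CaFile `
           -keystore $TrustStore -storepass $TrustPass
if ($LASTEXITCODE -ne 0) { throw "keytool import into $TrustStore failed" }
Write-Host "Add these JVM options to the Tomcat service, then restart it:"
Write-Host "  -Djavax.net.ssl.trustStore=$TrustStore"
Write-Host "  -Djavax.net.ssl.trustStorePassword=$TrustPass"
```

Two checks worth making before blaming the import: the `cacerts` you modified must belong to the JVM the Tomcat service actually runs (the Java tab of tomcat5w.exe tells you which one), and the host name in the JNDI provider URL (`ldaps://dc.example.com:636`) must be the name the domain controller's certificate was issued for, since the certificate trusted via the CA chain only matches that name. If the intermediate CA is not already in the store, import the whole chain, one `-import` per certificate, before testing.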