Product Knowledge Base

Space shortcuts

Page tree

Versions Compared

Old Version 18

changes.mady.by.user Andreas Püschel

Saved on

compared with

New Version 19

changes.mady.by.user Andreas Püschel

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

    • Example for import of a public certificate to a JOC Cockpit Truststore in JKS format:

      Code Block
      languagebash
      titleExmple for import of LDAP Server public certificate to JKS Keystore
      # import LDAP server public certificate to a truststore (joc.jks) by specifying the certificate file (ldap-certificate.crt) and alias name (ldap)
keytool -importcert -noprompt -file "ldap-certificate.crt" -alias "ldap" -keystore "JETTY_BASE/etc/joc.jks" -storepass secret_store -trustcacerts

    • Example for import of a public certificate to a JOC Cockpit Truststore in PKCS12 format:

      Code Block
      languagebash
      titleExmple for import of LDAP Server public certificate to PKCS12 Keystore
      # import LDAP server public certificate to a truststore (joc.p12) by specifying the certificate file (ldap-certificate.crt) and alias name (ldap)
keytool -importcert -noprompt -file "ldap-certificate.crt" -alias "ldap" -keystore "JETTY_BASE/etc/joc.p12" -storetype pkcs12 -storepass secret_store -trustcacerts
  • The -keystore option specifies the location of your Truststore file.
  • The -storepass option specifies the password for access to your Truststore file.
  • The public certificate file ldap-ertificate.crt has been created on should be available from the LDAP server. Transfer this file to the JOC Cockpit server. Alternatively the public certificate can be requested on-the-fly.

    • Example for export request of public certificate:
       

      Code Block
      languagebash
      titleExample for export of public certificate
      # 
certutil -S -n "SOS_LDAP" -s "cn=myCn" -c "SOS_LDAP CA certificate" -t "u,u,u" -m 1001 -v 120 -d . -k rsa
certutil -L -d . -n "SOS_LDAP CA certificate" -a > ldap-certificate.crt connect to the LDAP server (ldap_server) with the available port (636), in the server response you should find the public certificate that you can copy & paste to a certificate file
openssl s_client -connect ldap_server:636
  • If the public certificate is signed by a CA then the certificate should include the certificate chain of CA Root Certificate and CA Intermediate Certificate. Otherwise it might be required to concatenate the certificates into one file, for example:


    Code Block
    languagebash
    titleExample for export of public certificate
    # concatenate CA root certificate and CA intermediate certificate to a single CA Bundle certificate file (ca-bundle.crt)
cat RootCACertificate.crt > certificates.crt
cat CACertificate.crt >> certificates.crt
cat ldap-certificate.crt >> certificates.crt

# import LDAP server public certificate and certificate chain to a truststore (joc.jks) by specifying the certificate file (ldap-certificate.crt) and alias name (ldap)
keytool -importcert -noprompt -file "certificates.crt" -alias "ldap" -keystore "JETTY_BASE/etc/joc.jks" -storepass secret_store -trustcacerts

...