Product Knowledge Base

Space shortcuts

Page tree

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 7 Next »

Scope

  • If using LDAP for authentication it is possible to secure the connection with STARTTLS.
  • This article describes the steps required to set up communication with STARTTLS.

Prerequisites

  • The Java Keytools is installed with your Java JRE.
  • Your LDAP server is configured to use STARTTLS.
  • When using starttls your LDAP realm configuration in the shiro.ini configuration file contains:
    ldapRealm.useStartTls=true

Set up a secure connection to your LDAP Server 

This configuration is applied in order to enable STARTTLS in the communication to the LDAP Server.

In the following the placeholders JOC_HOMEJETTY_HOME and JETTY_BASE are used which locate three directories. If you install Jetty with the JOC installer then

  • JOC_HOME is the installation path which is specified during the JOC Cockpit installation:
    • C:\Program Files\sos-berlin.com\joc (default on Windows)
    • /opt/sos-berlin.com/joc (default on Linux)
  • JETTY_HOME = JOC_HOME/jetty
  • JETTY_BASE is Jetty's base directory which is specified during the JOC Cockpit installation:
    • C:\ProgramData\sos-berlin.com\joc (default on Windows)
    • /home/<setup-user>/sos-berlin.com/joc (default on Linux)

Step 1: Create Truststore and import your certificate to the JOC Cockpit Web Service Truststore

The following steps are performed on the server that hosts the JOC Cockpit.

You can use the Java Keystore that will be created with the private key for the HTTPS support in Jetty.  Please note that probably you have to create the directory JETTY_BASE/etc

    • Example

      Sample for import master certificate
      keytool -importcert -noprompt -file "my_LDAP_Certificate.pem" -alias "my_alias" -keystore "JETTY_BASE/etc/joc.jks" -storepass secret_store -trustcacerts
  • The -keystore option specifies the location of your Truststore file.
  • The -storepass option specifies the password for access to your Truststore file.
  • The file my_LDAP_Certificate.pem has been created on the LDAP server. Transfer this file to the local machine.

    • certutil -S -n "SOS_LDAP" -s "cn=myCn" -c "SOS_LDAP CA certificate" -t "u,u,u" -m 1001 -v 120 -d . -k rsa

    • certutil -L -d . -n "SOS_LDAP CA certificate" -a > my_LDAP_Certificate.pem

Step 2: Configure Jetty

  • Edit the following entries in the JETTY_BASE/resources/joc/joc.properties configuration file corresponding to the Java Keystore:

    truststore_path = ../../etc/joc.jks


    Explanations

    • Specify the location of the Truststore with the truststore_path setting. A location relative to the JETTY_BASE directory can be specified.
  • No labels