Setting up LDAP with SSL (LDAPS) in weblogic server running in Unix machine

Rithanya Laxmi
Ranch Hand

Joined: Jan 24, 2011
Posts: 136
Hi,

I want to configure LDAP with SSL (LDAPS) in a WebLogic server running on a Unix machine, so that
I can access an LDAPS:// ... URL for authentication. Please clarify the following:

1) Which certificate needs to be installed: do we need to install the CA certificate, or do we create
our own certificate using keytool? If that is the case, is the custom certificate secure enough?
2) What changes do we need to make in WebLogic 10.4 to enable the certificate?
3) Once the certificates and the keys are generated, how can we ensure that LDAPS is working?

Please clarify.

Thanks.
surlac surlacovich
Ranch Hand

Joined: Mar 12, 2013
Posts: 296

Rithanya Laxmi wrote:
1) Which certificate needs to be installed: do we need to install the CA certificate, or do we create
our own certificate using keytool? If that is the case, is the custom certificate secure enough?

A public key (certificate) is enough to enable encryption, but to decipher you will need the private key. If you don't need to make sure WHO is sending data to you, then you can use self-signed certs.
Rithanya Laxmi
Ranch Hand

Joined: Jan 24, 2011
Posts: 136


The LDAP machine already has a certificate installed and is running LDAPS. Now I want to install the same certificate on my machine, through which I can connect to LDAPS. What are the steps I need to follow?

(i) Do I need to create a new keystore for this, or use the existing trust store "cacerts" in the JDK?
(ii) How do I import/copy the SSL certificate from the LDAP machine to the local machine?
(iii) To add the certificate to the JVM trust store, do we need to use the below command?
keytool -import -trust store?
(iv) With which extension does the SSL certificate need to be saved (.crt or .pem)?
(v) Is there any change needed in the Java code, apart from changing the URL to LDAPS with port 636?
Below is the snippet:

import java.util.Hashtable;
import javax.naming.Context;

// JNDI environment for the LDAP connection
Hashtable<String, Object> env = new Hashtable<String, Object>(11);
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, "ldap://localhost:636/o=JNDITutorial");

// Specify SSL
env.put(Context.SECURITY_PROTOCOL, "ssl");

// Authenticate as S. User and password "mysecret"
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, "cn=S. User, ou=NewHires, o=JNDITutorial");
env.put(Context.SECURITY_CREDENTIALS, "mysecret");


(vi) What are the implications of doing the same on a UNIX box? Can we add the certificate using keytool there as well? (A JDK is installed on the box.)

Above are the steps I am looking at. Is there anything I have missed, and will the above work? Here I am not using any config for the app. server for LDAP, as the LDAP is done without making any changes to the app. server. Please clarify.
Rithanya Laxmi
Ranch Hand

Joined: Jan 24, 2011
Posts: 136
Guys, any update on this?
surlac surlacovich
Ranch Hand

Joined: Mar 12, 2013
Posts: 296

Rithanya Laxmi wrote:
(i) Do I need to create a new keystore for this, or use the existing trust store "cacerts" in the JDK?

You can use yours, like this:


Rithanya Laxmi wrote:
(iv) With which extension does the SSL certificate need to be saved (.crt or .pem)?

The PEM extension can contain both private and public keys, but CRT only public ones. You can import both; the important thing is that the contents of the file are valid.
Rithanya Laxmi
Ranch Hand

Joined: Jan 24, 2011
Posts: 136
Thanks Surlac. Could you please answer points (ii), (iii), (v) & (vi)? Thanks for the support.

surlac surlacovich
Ranch Hand

Joined: Mar 12, 2013
Posts: 296

Rithanya Laxmi wrote:
(ii) How do I import/copy the SSL certificate from the LDAP machine to the local machine?

Just locate the keystore used by the JVM instance that runs the LDAP server (if it's on the Java platform) and issue the command as described here.
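
For question 3 and points (i) and (v) of the thread, a small connectivity check, added here as an example and not posted by any participant: it points the JVM at a dedicated truststore, opens an ldaps:// connection through JNDI and reports whether a failure came from TLS trust. The host `ldap.example.com`, the file name `ldap-truststore.jks` and the password `changeit` are placeholder assumptions.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.net.ssl.SSLException;

public class LdapsCheck {
    public static void main(String[] args) {
        // Assumed sample values; pass your own URL and truststore on the command line.
        String url = args.length > 0 ? args[0] : "ldaps://ldap.example.com:636";
        String trustStore = args.length > 1 ? args[1] : "ldap-truststore.jks";
        String trustPass = args.length > 2 ? args[2] : "changeit";

        // A dedicated truststore holding the LDAP server's (or its CA's) certificate,
        // used instead of editing the JDK-wide cacerts. Set before the first TLS use.
        System.setProperty("javax.net.ssl.trustStore", trustStore);
        System.setProperty("javax.net.ssl.trustStorePassword", trustPass);

        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, url);               // the ldaps:// scheme selects TLS
        env.put(Context.SECURITY_AUTHENTICATION, "none"); // anonymous: only TLS is under test
        env.put("com.sun.jndi.ldap.connect.timeout", "5000");
        env.put("com.sun.jndi.ldap.read.timeout", "5000");

        int rc = 0;
        DirContext ctx = null;
        try {
            ctx = new InitialDirContext(env); // TCP connect and TLS handshake happen here
            // Reading the root DSE proves the encrypted channel carries LDAP traffic.
            System.out.println("LDAPS OK: " + ctx.getAttributes("", new String[] {"namingContexts"}));
        } catch (NamingException e) {
            rc = report(e);
        } finally {
            if (ctx != null) try { ctx.close(); } catch (NamingException ignored) { }
        }
        System.exit(rc);
    }

    // Walk the cause chain: an SSLException means the certificate was not trusted
    // (or, on recent JDKs, the host name in the URL does not match the certificate).
    static int report(NamingException e) {
        for (Throwable t = e; t != null; t = t.getCause()) {
            if (t instanceof SSLException) {
                System.err.println("TLS failure (untrusted certificate or host name mismatch): " + t.getMessage());
                return 2;
            }
        }
        System.err.println("No TLS error: server unreachable, or the anonymous read was refused: " + e);
        return 1;
    }
}
```

The truststore can be built from the server's certificate file with `keytool -importcert -alias ldapserver -file ldap.crt -keystore ldap-truststore.jks`, where the alias and file names are placeholders.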