Setting up LDAP with SSL (LDAPS) in weblogic server running in Unix machine

 
Ranch Hand
Posts: 255
Hi,

I want to configure LDAP with SSL (LDAPS) in a WebLogic server running on a Unix machine, so that I can access an LDAPS:// ... URL for authentication. Please clarify the below:

1) Which certificate needs to be installed? Do we need to install the CA certificate, or do we create our own certificate using keytool? If that is the case, is the custom certificate secure enough?
2) What changes do we need to make in WebLogic 10.4 to enable the certificate?
3) Once the certificates and the keys are generated, how can we ensure that LDAPS is working?

Please clarify.

Thanks.
 
Ranch Hand
Posts: 296

Rithanya Laxmi wrote:
1) Which certificate needs to be installed, whether we need to install the CA certificate or we create
our own certificate using keytool if that is the case whether the custom certificate is secure enough?


A public key (certificate) is enough to enable encryption, but to decipher you will need the private key. If you don't need to make sure WHO is sending data to you, then you can use self-signed certs.
 
Rithanya Laxmi
Ranch Hand
Posts: 255


The LDAP machine already has a certificate installed and is running LDAPS. Now I want to install the same certificate on my machine, through which I can connect to LDAPS. What are the steps I need to follow?

(i) Whether I need to create a new keystore for this or use the existing trust store "cacerts" in JDK?
(ii) How to import/copy the SSL certificate in LDAP machine to local machine?
(iii) To add the certificate to JVM trust store we need to use the below command
keytool -import -trust store?
(iv) The SSL certificate needs to be saved with which extension (.crt or .pem)?
(v) Whether there is any change needed in the java code part from changing the URL to LDAPS with port 636?
Below is the snippet:-

Hashtable<String, Object> env = new Hashtable<String, Object>(11);
env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
env.put(Context.PROVIDER_URL, "ldap://localhost:636/o=JNDITutorial");

// Specify SSL
env.put(Context.SECURITY_PROTOCOL, "ssl");

// Authenticate as S. User and password "mysecret"
env.put(Context.SECURITY_AUTHENTICATION, "simple");
env.put(Context.SECURITY_PRINCIPAL, "cn=S. User, ou=NewHires, o=JNDITutorial");
env.put(Context.SECURITY_CREDENTIALS, "mysecret");


(vi) What are the implications of doing the same on a UNIX box? Can we add the certificate there using keytool as well? (JDK is installed on the box)

Above are the steps I am looking at. Is there anything I have missed, and will the above work? Here I am not using any app server config for LDAP, as the LDAP is done without making any changes to the app server. Please clarify.
 
Rithanya Laxmi
Ranch Hand
Posts: 255
Guys any update on this?
 
surlac surlacovich
Ranch Hand
Posts: 296

Rithanya Laxmi wrote:
(i) Whether I need to create a new keystore for this or use the existing trust store "cacerts" in JDK?


You can use yours, like this:


Rithanya Laxmi wrote:
(iv) The SSL certificate needs to be saved with which extension (.crt or .pem)?


A .pem file can contain both private and public keys, but a .crt only public ones. You can import both; the important thing is that the contents of the file are valid.
 
Rithanya Laxmi
Ranch Hand
Posts: 255
Thanks Surlac. Could you please answer points (ii), (iii), (v) & (vi)? Thanks for the support.

 
surlac surlacovich
Ranch Hand
Posts: 296

Rithanya Laxmi wrote:
(ii) How to import/copy the SSL certificate in LDAP machine to local machine?


Just locate the keystore used by the JVM instance that runs the LDAP server (if it's on the Java platform) and issue the command as described here.
 