The LDAP machine already has a certificate installed and is running LDAPS. Now I want to install the same certificate on my machine so that I can connect over LDAPS. What are the steps I need to follow?
(i) Do I need to create a new keystore for this, or use the existing trust store "cacerts" in the JDK?
(ii) How do I import/copy the SSL certificate from the LDAP machine to my local machine?
(iii) To add the certificate to the JVM trust store, do we need to use the command below?
keytool -import -trust store?
(iv) With which extension does the SSL certificate need to be saved (.crt or .pem)?
(v) Is any change needed in the Java code apart from changing the URL to LDAPS with port 636?
Below is the snippet:
    Hashtable<String, Object> env = new Hashtable<String, Object>(11);
    env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
    env.put(Context.PROVIDER_URL, "ldap://localhost:636/o=JNDITutorial");
    // Specify SSL
    env.put(Context.SECURITY_PROTOCOL, "ssl");
    // Authenticate as S. User and password "mysecret"
    env.put(Context.SECURITY_AUTHENTICATION, "simple");
    env.put(Context.SECURITY_PRINCIPAL, "cn=S. User, ou=NewHires, o=JNDITutorial");
    env.put(Context.SECURITY_CREDENTIALS, "mysecret");
(vi) What are the implications of doing the same on a UNIX box? Can we add the certificate there using keytool as well? (The JDK is installed on the box.)
Above are the steps I am looking at. Is there anything I have missed, and will the above work? Here I am not using any config for the app server for LDAP, as the LDAP setup is done without making any changes to the app server. Please clarify.
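Added example (not part of the question above, and not the questioner's code): a complete Java program that connects to an LDAPS server using a dedicated truststore built with keytool, which addresses points (i), (iii) and (v) together. The host name ldap.example.test, the truststore path /path/to/ldap-truststore.jks, the password "changeit" and the alias ldap-server are assumed placeholder values; the bind DN and password are the ones from the snippet in the question.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingException;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

/*
 * Build the truststore first, on the client machine (same steps on UNIX and Windows,
 * since keytool ships with the JDK). The server certificate is exported from the
 * LDAP machine as a file; keytool accepts both PEM (base64) and DER encodings,
 * so the .crt/.pem extension itself does not matter:
 *
 *   keytool -importcert -alias ldap-server -file ldap-server.crt \
 *           -keystore /path/to/ldap-truststore.jks -storepass changeit
 *
 * Importing into a separate truststore (instead of the JDK's cacerts) keeps the
 * trust decision with the application and survives JDK upgrades that replace cacerts.
 */
public class LdapsConnect {

    public static void main(String[] args) throws NamingException {
        // Point the JSSE layer at the truststore that holds the LDAP server certificate
        // (assumed path and password; an application server would normally set these
        // via -D options on the JVM command line instead of in code).
        System.setProperty("javax.net.ssl.trustStore", "/path/to/ldap-truststore.jks");
        System.setProperty("javax.net.ssl.trustStorePassword", "changeit");

        Hashtable<String, Object> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");

        // An ldaps:// URL on port 636 selects TLS directly; with this scheme the
        // Context.SECURITY_PROTOCOL "ssl" property is no longer required.
        env.put(Context.PROVIDER_URL, "ldaps://ldap.example.test:636/o=JNDITutorial");

        // Simple bind: the credentials travel inside the TLS session, which is the
        // reason for using LDAPS rather than plain LDAP on port 389.
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, "cn=S. User, ou=NewHires, o=JNDITutorial");
        env.put(Context.SECURITY_CREDENTIALS, "mysecret");

        DirContext ctx = new InitialDirContext(env);
        try {
            // Reaching this point means the TLS handshake succeeded (server certificate
            // chained to the truststore) and the bind was accepted.
            System.out.println("Connected to " + ctx.getNameInNamespace());
        } finally {
            ctx.close();
        }
    }
}
```

Two checks worth doing before blaming the code: the certificate you import must be the one the server actually presents on port 636 (or the CA that issued it), and since JDK 8u181 the LDAP provider verifies that the host name in the URL matches the certificate's subject or subject alternative name, so connecting to "localhost" will fail unless the certificate was issued for that name. If the handshake fails, running the JVM with -Djavax.net.debug=ssl shows which certificate was rejected and why.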