Using the LDAPs integration in ICDx with insecure/self-signed certificates

Article ID: 191232


Products

ICDx

Issue/Introduction

In some circumstances, such as in testing or lab environments, you may need to use insecure or self-signed certificates when integrating LDAPs with the Integrated Cyber Defense Exchange (ICDx).

Resolution

An option has been made available in version 1.4 to trust insecure certificates. This option is helpful for test environments, for example.
To allow trust for insecure certificates, modify a file directly from the host command line using the following steps:
  1. Switch to the icdx user defined at installation (by default, icdx):
    sudo -su icdx
  2. Change directory to the needed location:
    cd $SYMC_HOME/repo/other/id_epmp_dx/
  3. Edit the .metadata file and change requirement from "system" to "required" in the "insecure" section:
    • From:
                  "insecure": {
                    "name"       : "Insecure",
                    "desc"       : "Enable this for LDAPS to always trust the certificate of the AD server (for test environments).",
                    "requirement": "system",
                    "type"       : "boolean",
                    "default"    : false
                  }

    • To:
                  "insecure": {
                    "name"       : "Insecure",
                    "desc"       : "Enable this for LDAPS to always trust the certificate of the AD server (for test environments).",
                    "requirement": "required",
                    "type"       : "boolean",
                    "default"    : false
                  }
  4. Save the file.
With the file modified, refresh the Settings > Active Directory page in the web interface and the Insecure configuration setting will now be available. Enable the Insecure toggle and save the configuration.
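
The edit in step 3 can be scripted so that only the "insecure" block is touched and the change can be reverted once testing is finished. The following is an added example, not part of the original article or the product. The function names, the `.bak` backup, and the sample file with its `timeout` and `debug` keys are assumptions made for illustration, and the script assumes the block is laid out as shown above.

```shell
# Added example; assumes the block layout shown in the article
# (one key per line, closing brace of the block on its own line).

# Print the current "requirement" value of the "insecure" block.
get_insecure_requirement() {
    sed -n '/"insecure"[[:space:]]*:[[:space:]]*{/,/}/ s/.*"requirement"[[:space:]]*:[[:space:]]*"\([a-z]*\)".*/\1/p' "$1"
}

# Usage: set_insecure_requirement FILE required|system
set_insecure_requirement() {
    _f=$1; _v=$2
    case $_v in
        required|system) ;;
        *) echo "value must be required or system" >&2; return 2 ;;
    esac
    [ -f "$_f" ] || { echo "no such file: $_f" >&2; return 1; }
    # Keep the first pristine copy; later runs do not overwrite it.
    [ -e "$_f.bak" ] || cp -p "$_f" "$_f.bak" || return 1
    # The address range confines the substitution to the "insecure" block,
    # so other settings with "requirement": "system" are left alone.
    sed '/"insecure"[[:space:]]*:[[:space:]]*{/,/}/ s/\("requirement"[[:space:]]*:[[:space:]]*\)"[a-z]*"/\1"'"$_v"'"/' "$_f" > "$_f.tmp" &&
        cat "$_f.tmp" > "$_f" && rm -f "$_f.tmp"
}

# Constructed sample for trying the functions; not the real .metadata file.
make_sample() {
    cat > "$1" <<'EOF'
{
  "timeout": {
    "requirement": "system",
    "type"       : "integer"
  },
  "insecure": {
    "name"       : "Insecure",
    "requirement": "system",
    "type"       : "boolean",
    "default"    : false
  },
  "debug": {
    "requirement": "system",
    "type"       : "boolean"
  }
}
EOF
}
```

As the icdx user, `set_insecure_requirement "$SYMC_HOME/repo/other/id_epmp_dx/.metadata" required` exposes the toggle, and the same call with `system` hides it again after testing.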