search cancel

Unable to get OC to work with LDAP and VIP on a load balancer


Article ID: 216626


Updated On:


CA Spectrum


Customer is changing the LDAP server they use in Spectrum to a VIP.
we used :
 openssl s_client -showcerts -connect localhost:3269
to get the LDAP server to output the certificate information and we copied and pasted the Cert text into a file and imported it using:
../../Java/bin/keytool -import -alias 'LDAP' -file OurFileaName.crt -keystore cacerts
All seems to work - One Click - displays the CERTS as loaded but the LDAP SSL config  test Fails


Release : 20.2

Component : Spectrum Core / SpectroSERVER


Need to obtain the certificate of the load balancer and import it to the Spectrum keystore


When using a load balancer with a VIP configuration for LDAP, the LDAP certificates and the load balancer certificate need to be imported into the OneClick Tomcat keystore ($SPECROOT/custom/keystore/cacerts).  You can import it using any alias.