I am changing the LDAP port from non-secure port=389 to LDAPS secure port=636. Any concern?
Release : 12.1
Component : CA OUTPUT MANAGEMENT WEB VIEWER FOR ALL PLATFORMS
LDAP
LDAPS was introduced in the product at LU02547 published build 214
Enhancement is being written
Create Keystore Files for LDAP TLS
Last Updated February 19, 2021
Administrators can use LDAP on TLS (LDAPS) to encrypt the communication
between an LDAP server and CA OM Web Viewer.
Follow these steps:
Step 1: Create or Update a Keystore to Connect to your LDAPS Server
Step 2: Configure the CA OM Web Viewer Server
Step 3: Configure the CA OM Web Viewer Directory to Point to the LDAPS Server
Step 4: Verify that One or More Roles use the Directory
For LDAPS, only System Level External Configuration and Application
Level External Configuration are supported.
Step 1: Create or Update a Keystore to Connect to your LDAPS Server
In this procedure, you export the LDAP-specific certificate from your LDAP server
and import it into a Java keystore. After the certificate is added to the keystore,
it is used to secure the connection between CA OM Web Viewer and the LDAP server.
Export the certificate from your LDAP server.
See your LDAP server documentation for instructions, which vary
according to your platform and server.
Export a certificate containing the server’s public key into
Base-64 encoded X.509 (CER) file format.
Verify that <jre or jdk>/bin is in your path. If necessary, add it to your path.
Import the certificate into a Java keystore. You can use any keystore tool
such as Keystore Explorer or keytool. These instructions use the standard Java tool keytool.
Use the following command for either a new or existing keystore:
keytool -importcert -alias <certificate name> -file <file path> -keystore <new or existing keystore>
An example follows:
keytool -importcert -alias publicLDAPcert -file yourCerti.cer -keystore wvLDAP_KeystoreSample.jks
When prompted, specify a new or existing password, depending on whether the keystore is new or existing.
When prompted to trust the certificate, answer Yes.
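Answering Yes at the trust prompt pins this certificate for the LDAPS connection, so the exported file should be confirmed as the server's own before import. The following is an added example, not part of the vendor procedure: it checks that the file is Base-64 encoded X.509 and computes its SHA-256 fingerprint for comparison with a value obtained out of band from the LDAP administrator and with the fingerprint keytool displays. The function names and the sample file are hypothetical, and GNU base64 and sha256sum are assumed.

```shell
#!/bin/sh
# Added example, not vendor code. Uses only sed, grep, tr, cut, base64, sha256sum.

# True only for a Base-64 encoded X.509 file; a binary DER export has no BEGIN line.
is_base64_x509() {
    grep -q -- '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null
}

# Print the SHA-256 fingerprint of the first certificate in file $1 as
# colon-separated upper-case hex, the form keytool displays.
cert_sha256() {
    is_base64_x509 "$1" || { echo "not Base-64 X.509: $1" >&2; return 1; }
    body=$(sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' "$1" \
        | sed '/-----END CERTIFICATE-----/q' | grep -v -- '-----' | tr -d ' \r\n')
    printf '%s' "$body" | base64 -d >/dev/null 2>&1 \
        || { echo "corrupt Base-64 body: $1" >&2; return 1; }
    printf '%s' "$body" | base64 -d | sha256sum | cut -d' ' -f1 \
        | tr 'a-f' 'A-F' | sed 's/../&:/g; s/:$//'
}

# Succeed only if file $1 has the fingerprint $2 that the LDAP administrator
# supplied out of band (case and spaces in $2 are ignored).
fingerprint_matches() {
    actual=$(cert_sha256 "$1") || return 1
    expected=$(printf '%s' "$2" | tr 'a-f' 'A-F' | tr -d ' ')
    [ "$actual" = "$expected" ]
}

# Write a constructed stand-in to file $1: correct framing and CRLF line
# endings, but the body is just the bytes "abc", not a real certificate.
write_sample() {
    printf '%s\r\n' '-----BEGIN CERTIFICATE-----' 'YWJj' \
        '-----END CERTIFICATE-----' > "$1"
}

# Usage: sh check_cert.sh yourCerti.cer <fingerprint from the LDAP administrator>
if [ "$#" -eq 2 ]; then
    if fingerprint_matches "$1" "$2"; then
        echo "fingerprint matches: answer Yes at the keytool prompt"
    else
        echo "MISMATCH or unreadable file: do not import" >&2
        exit 1
    fi
fi
```

After the import, keytool -list -v -alias publicLDAPcert -keystore wvLDAP_KeystoreSample.jks shows the stored entry's fingerprint, which should equal the same value.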
Step 2: Configure the CA OM Web Viewer Server
Locate your External Configuration location, typically, <Web Viewer install>/config or <OMWV12_HOME>/config
Copy your keystore into your configuration folder.
The following will be done using the new ConfigTool:
Update WVProfile.properties with the following lines:
AUTHENTICATION.
AUTHENTICATION.
AUTHENTICATION.LDAPProtocol=[
AUTHENTICATION.LDAPPort=Port Number used to communicate to LDAP Server
AUTHENTICATION.
LDAPS support was introduced at LU02547 published build 214