Changing LDAP to LDAPS post install


Article ID: 268826


Updated On:

Products

Protection Engine for NAS, Protection Engine for Cloud Services

Issue/Introduction

Symantec Protection Engine (SPE) 9 Console and Server have been installed to use LDAP authentication on LDAP_PORT 389.

How can I change this to use secure LDAP on port 636? 

 

 

Environment

Release : 9.0.x

Resolution

To change the LDAP server itself

  1. Install a Certificate Authority, then create and export the certificate

    See: miniorange.com: Step by Step guide to setup LDAPS on Windows Server 

    NOTE: BROADCOM is not liable for content published on third party websites.

  2. Install the certificate in the Java keystore on the client SPE machine

    See: Importing keys from a third-party certificate

    For Oracle Java, the keystore path for Java 8: "C:\Program Files\Java\jre1.8.0_231\lib\security\cacerts"

    For Open Java, the keystore path for Java 8: "C:\Program Files\Eclipse Adoptium\jdk-8.0.345.1-hotspot\jre\lib\security\cacerts"

  

  

 

To change the RESTAPI component of an individual SPE server

  1. Navigate to the file: C:\Program Files\Symantec\Scan Engine\RESTAPI\Application.Properties
  2. Update the following two properties to enable SSL for LDAP:
    sperestapi.ldap.port=636
    sperestapi.ldap.ssl.enabled=true
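
One way to script the keystore import and the RESTAPI property change from an elevated PowerShell prompt, as an added example that is not Broadcom's own code. The host name, certificate file, alias and keystore password are assumptions; the keystore and properties paths are the ones given in this article.

```powershell
# Added example. Values marked ASSUMED are placeholders, not from the article.
$ErrorActionPreference = 'Stop'
$LdapHost  = 'ldap.example.com'        # ASSUMED: LDAPS server FQDN
$CaCert    = 'C:\Temp\ldaps-ca.cer'    # ASSUMED: certificate exported in step 1
$Alias     = 'ldaps-ca'                # ASSUMED: alias to use in the keystore
$StorePass = 'changeit'                # Java default cacerts password; adjust if changed
$JavaHome  = 'C:\Program Files\Java\jre1.8.0_231'   # Oracle Java 8 path from the article
$KeyStore  = Join-Path $JavaHome 'lib\security\cacerts'
$KeyTool   = Join-Path $JavaHome 'bin\keytool.exe'
$PropsFile = 'C:\Program Files\Symantec\Scan Engine\RESTAPI\Application.Properties'

# 1. Confirm the directory server answers on 636 before changing anything.
if (-not (Test-NetConnection -ComputerName $LdapHost -Port 636 -InformationLevel Quiet)) {
    throw "Cannot reach ${LdapHost}:636"
}

# 2. Show what is about to be trusted and refuse an expired certificate.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CaCert
if ($cert.NotAfter -lt (Get-Date)) { throw "Certificate expired on $($cert.NotAfter)" }
Write-Host "Subject: $($cert.Subject)  SHA-1 thumbprint: $($cert.Thumbprint)"

# 3. Import into cacerts only if the alias is not already present (idempotent).
& $KeyTool -list -keystore $KeyStore -storepass $StorePass -alias $Alias | Out-Null
if ($LASTEXITCODE -ne 0) {
    & $KeyTool -importcert -noprompt -trustcacerts -alias $Alias -file $CaCert `
        -keystore $KeyStore -storepass $StorePass
    if ($LASTEXITCODE -ne 0) { throw 'keytool -importcert failed' }
}

# 4. Back up Application.Properties, then set or append the two LDAPS properties.
Copy-Item -LiteralPath $PropsFile -Destination "$PropsFile.bak" -Force
$wanted = [ordered]@{
    'sperestapi.ldap.port'        = '636'
    'sperestapi.ldap.ssl.enabled' = 'true'
}
$lines = @(Get-Content -LiteralPath $PropsFile)
foreach ($key in $wanted.Keys) {
    $pattern = '^\s*' + [regex]::Escape($key) + '\s*[=:]'
    $newLine = "$key=$($wanted[$key])"
    if ($lines -match $pattern) {
        $lines = @($lines | ForEach-Object { if ($_ -match $pattern) { $newLine } else { $_ } })
    } else {
        $lines += $newLine
    }
}
Set-Content -LiteralPath $PropsFile -Value $lines
```

Compare the printed thumbprint with the one shown by the issuing Certificate Authority before relying on the import, since `-noprompt` skips keytool's own confirmation.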

 


To change the SPE 9 Console

  • No changes are necessary.