Changing LDAP to LDAPS post install
search cancel

Changing LDAP to LDAPS post install


Article ID: 268826


Updated On:


Protection Engine for NAS Protection Engine for Cloud Services


Symantec Protection Engine (SPE) 9 Console and Server have been installed to use LDAP authentication using LDAP_PORT 389

How can I change this to use secure LDAP on port 636? 




Release : 9.0.x


To change the LDAP server itself

  1. Install Certificate Authority, Create and Export the certificate

    See: Step by Step guide to setup LDAPS on Windows Server 

    NOTE: BROADCOM is not liable for content published on third party websites.

  2. Install certificate in JAVA Keystore on the client SPE machine

    See: Importing keys from a third-party certificate

               For Oracle Java, the key store path for java 8: "C:\Program Files\Java\jre1.8.0_231\lib\security\cacerts"

               For Open Java, the key store path for java 8: "C:\Program Files\Eclipse Adoptium\jdk-8.0.345.1-hotspot\jre\lib\security\cacerts"




To change the RESTAPI component of an individual SPE server

  1. Navigate to file: C:\Program Files\Symantec\Scan Engine\RESTAPI\Application.Properties
  2. Update the below two properties for SSL for LDAP:



To change the SPE 9 Console

  • No changes are necessary.