Changing LDAP to LDAPS post install

Article ID: 268826

Products

Protection Engine for NAS, Protection Engine for Cloud Services

Issue/Introduction

Symantec Protection Engine (SPE) Console and Server have been installed to use LDAP authentication with LDAP_PORT 389.

How can I change this to use secure LDAP on port 636?

Environment

SPE Console 9.x

Resolution

To change the LDAP server itself

  • Install a Certificate Authority, then create and export the certificate

    See: miniorange.com: Step by Step guide to setup LDAPS on Windows Server

    NOTE: BROADCOM is not liable for content published on third party websites.

  • Install the certificate in the Java keystore on the client SPE machine

    See: Install certificate in JAVA Keystore

          For Oracle Java, the keystore path for Java 8: "C:\Program Files\Java\jre1.8.0_231\lib\security\cacerts"
          For Open Java, the keystore path for Java 8: "C:\Program Files\Eclipse Adoptium\jdk-8.0.345.1-hotspot\jre\lib\security\cacerts"

To change the RESTAPI component of an individual SPE server

  1. Open the file: C:\Program Files\Symantec\Scan Engine\RESTAPI\Application.Properties
  2. Update the following two properties to enable SSL for LDAP:

    sperestapi.ldap.port=636
    sperestapi.ldap.ssl.enabled=true

There are no changes required on the SPE console.
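
The keystore import and the two property changes above, scripted as an added example (not Broadcom's own code). The CA certificate file, alias, LDAP host name and the keytool location under the JRE's bin folder are assumptions; the keystore and properties paths are the ones given in this article.

```powershell
# Added example. Run from an elevated PowerShell prompt on the SPE machine.
$ErrorActionPreference = 'Stop'
$JavaHome  = 'C:\Program Files\Java\jre1.8.0_231'   # Oracle Java 8 path from this article
$Keystore  = Join-Path $JavaHome 'lib\security\cacerts'
$Keytool   = Join-Path $JavaHome 'bin\keytool.exe'  # assumption: keytool is in the JRE bin folder
$CaCert    = 'C:\Temp\ldaps-ca.cer'                 # assumption: the exported CA certificate
$Alias     = 'ldaps-ca'                             # assumption: any unused alias
$StorePass = 'changeit'                             # Java's default cacerts password; use yours if changed
$LdapHost  = 'ldap.example.test'                    # placeholder: your LDAP server name
$Props     = 'C:\Program Files\Symantec\Scan Engine\RESTAPI\Application.Properties'

# 1. Keep a copy of both files so the change can be rolled back (first run only).
foreach ($file in $Keystore, $Props) {
    if (-not (Test-Path "$file.bak")) { Copy-Item -Path $file -Destination "$file.bak" }
}

# 2. Import the CA certificate into the Java truststore.
& $Keytool -importcert -noprompt -trustcacerts -alias $Alias -file $CaCert `
    -keystore $Keystore -storepass $StorePass
if ($LASTEXITCODE -ne 0) { throw 'keytool could not import the CA certificate.' }

# 3. Confirm the alias is present before switching to port 636.
& $Keytool -list -alias $Alias -keystore $Keystore -storepass $StorePass
if ($LASTEXITCODE -ne 0) { throw "Alias '$Alias' was not found in $Keystore." }

# 4. Confirm the LDAP server accepts TCP connections on 636.
#    This checks reachability only, not that Java trusts the server certificate.
if (-not (Test-NetConnection -ComputerName $LdapHost -Port 636).TcpTestSucceeded) {
    throw "$LdapHost is not accepting connections on port 636."
}

# 5. Set the two properties, replacing existing lines or appending missing ones.
$wanted = [ordered]@{ 'sperestapi.ldap.port' = '636'; 'sperestapi.ldap.ssl.enabled' = 'true' }
$lines  = @(Get-Content -Path $Props)
foreach ($key in $wanted.Keys) {
    $pattern = '^\s*' + [regex]::Escape($key) + '\s*=.*$'
    $newLine = "$key=$($wanted[$key])"
    if ($lines -match $pattern) { $lines = @($lines -replace $pattern, $newLine) }
    else                        { $lines += $newLine }
}
Set-Content -Path $Props -Value $lines
```

For the Open Java install, point $JavaHome at the Eclipse Adoptium jre folder listed above instead.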