Exporting your Active Directory Certificate
As an Administrative user on your Active Directory server:
- Open the Microsoft Management Console by running mmc.exe.
- Add the Certificates snap-in for the Computer Account (select the Local Computer).
- Locate your certificate in the resulting tree. If you are using a self-signed certificate then this will appear under the Personal folder.
- Right-click the certificate and select All Tasks > Export.
- Export the certificate (without the private key but with all associated trusted certificates) in Base 64 format.
Creating a Keystore
Once the certificate has been exported you will be able to create a keystore with this certificate that you can use to access your Active Directory server.
- To do this you will use the keytool (keytool.exe on Windows) utility supplied with your Java runtime with the following command:
keytool -import -alias ldap -file <certificate file> -keystore shdomain.ks
- Enter a secure password for your keystore. This will create a keystore file called shdomain.ks.
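Before running the import, it is worth confirming that the exported file really is a Base 64 certificate and that no private key was included. The script below is an added example, not part of the original instructions; check_export and import_to_keystore are hypothetical helper names, and the file names you pass to them are your own.

```shell
#!/bin/sh
# Added example (not from the original page). check_export and
# import_to_keystore are hypothetical helper names.

# check_export FILE: print the number of certificates in a Base 64 export.
# Returns 3 if a private key is present, 4 if no PEM certificate is found
# (for example a DER export), 5 if a certificate block is truncated.
check_export() {
    f=$1
    [ -r "$f" ] || { echo "cannot read $f" >&2; return 2; }
    # Matches PRIVATE KEY, RSA/EC PRIVATE KEY and ENCRYPTED PRIVATE KEY headers.
    if grep -Eq -- '-----BEGIN ([A-Z0-9]+ )*PRIVATE KEY-----' "$f"; then
        echo "$f contains private key material; re-export without it" >&2
        return 3
    fi
    begins=$(grep -c -- '-----BEGIN CERTIFICATE-----' "$f" || true)
    ends=$(grep -c -- '-----END CERTIFICATE-----' "$f" || true)
    if [ "$begins" -eq 0 ]; then
        echo "$f has no Base 64 certificate block" >&2
        return 4
    fi
    if [ "$begins" -ne "$ends" ]; then
        echo "$f has a truncated certificate block" >&2
        return 5
    fi
    echo "$begins"
}

# import_to_keystore CERT_FILE KEYSTORE: run the page's keytool command only
# if the export passes the check, then list the entry so its fingerprint can
# be compared with the certificate's thumbprint on the server.
import_to_keystore() {
    check_export "$1" >/dev/null || return
    keytool -import -alias ldap -file "$1" -keystore "$2" || return
    keytool -list -v -alias ldap -keystore "$2"
}

# Usage: sh check_export.sh <certificate file>
if [ "$#" -ge 1 ]; then
    check_export "$1"
fi
```

keytool still prompts for the keystore password and asks whether to trust the certificate; the check only gates what is handed to it.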