Configuring iManager for SSL/TLS Connection to eDirectory

Some plug-ins require secure LDAP access to function properly. To set up secure access, you must import an root certificate into iManager by completing the following tasks:

Exporting a Root Certificate

  1. Log in to iManager.

  2. In the Contents panel, click eDirectory Administration > Modify Object.

  3. In the right pane, enter the distinguished name of the LDAP server in the Object Name box, then click OK.

    If you do not know the name, click the Object Selector button that allows you to browse the tree for objects. In the left pane, enter the container in which to begin browsing, select the other criteria for the object, then click Apply. In the right pane, select the object. When the object appears in the Object Name box, click OK.

  4. Select the Connections tab and note the name of the server certificate listed in the Server Certificate box.

  5. In the Contents panel, click Modify Object.

  6. In the right pane, enter the name of the server certificate, then click OK.

  7. Select the Certificates tab, select Trusted Root Certificate, then click Export.

  8. Select not to export the private key with the certificate.

  9. Select to save the certificate in DER format.

  10. Select to save the certificate to a file.

  11. Click Close.

Importing an eDirectory Certificate into the Keystore

After you have an eDirectory certificate saved in DER format, you need to import the certificate into the iManager keystore.

  1. Open a command window.

  2. Change to the bin directory where you have installed the JDK*. For example, on a Windows system, you would enter the following command:

    cd j2sdk1.4.1_02\bin

  3. Import the certificate into the keystore with the keytool. For example, to import the certificate to iManager on a NetWare server from a Windows machine, you would enter the following command:

    keytool -J-ns -import -alias alias_name -file full_path\trustedrootcert.der -keystore sys:java\lib\security\cacerts

    The first path in the command, c:\eDirectory.cer, specifies the location and name of the certificate you exported.

    The last path in the command, sys:java\lib\security\cacerts, specifies the keystore location. This varies from system to system because it is based on where iManager is installed. The command shows the default NetWare location. The default location for iManager on a Windows server is c:\Program Files\Novell\jre\lib\security\cacerts.

  4. Enter changeit for the keystore password.

  5. Select Yes to Trust this certificate.