40.2 Securing LDAP Synchronization

If your LDAP directory service requires a secure LDAP connection (LDAPS), you must configure Vibe with a root certificate. The root certificate identifies the root certificate authority (CA) for your Vibe site, which lets you generate a self-signed root certificate based on your eDirectory tree.

40.2.1 Understanding How Vibe Uses the Root Certificate for Your eDirectory Tree

You can generate a self-signed root certificate for your eDirectory tree by using either ConsoleOne or iManager, then import the root certificate into the Java keystore file (cacerts) on the Vibe server to make it accessible to Vibe. The default location for the Java keystore file is:




c:\Program Files\Novell\Teaming\jre\lib\security

NOTE:For iManager instructions, see TID 3176104: How to Enable SSL for Teaming LDAP Synchronization and Authentication in the Novell Support Knowledgebase. If you are using Active Directory rather than eDirectory, consult your Active Directory documentation for a procedure comparable to the one provided in Generating a Root Certificate in ConsoleOne.

40.2.2 Generating a Root Certificate in ConsoleOne

  1. On Linux or Windows, start ConsoleOne and authenticate to your eDirectory tree.

  2. Expand the Security container, right-click the Tree_Name CA object, then click Properties.

  3. Click Certificates > Self Signed Certificate.

  4. Click Validate to update the certificate status, then click OK to close the Certificate Validation dialog box.

  5. Click Export to export your eDirectory root certificate into a file that can be imported into the Java keystore file.

  6. Click Next to accept the default of No for exporting a private key file along with the root certificate.

  7. Select the output format for the root certificate file.

    Either DER or Base64 format can be imported into the Java keystore file.

  8. In the Filename field, specify the location where you want to create the root certificate file and the filename to use, such as SelfSignedRootCert.der.

    IMPORTANT:You need to be able to access this file from the Vibe server. Specify an accessible location or copy it to the Vibe server after you create it.

  9. Click Next to display a summary of the options you have selected, then click Finish to generate the root certificate file.

  10. Click Cancel to close the Self Signed Certificate properties page of the Tree_Name CA object.

  11. Exit ConsoleOne.

  12. (Conditional) If necessary, copy the root certificate file to a convenient location on the Vibe server.

40.2.3 Importing the Root Certificate into the Java Keystore

  1. On the Vibe server, make sure that you have access to the root certificate file.

  2. Make sure that you can access the keytool tool:




    c:\Program Files\Novell\Teaming\jre\bin\keytool.exe

    For convenient use, you might need to add its location to the PATH environment variable.

  3. Use the following command to import the root certificate into the Java keystore:

    keytool -importcert -alias alias_name -file path_to_root_cert_file -cacerts

    where alias_name is an arbitrary name that you assign to the certificate being imported into the Java keystore (cacerts) and root-_certificate_file is the name of the certificate file.

    For example:

    keytool -importcert -alias gw_ldap_srvr -file /certs/SSignedCert.der -cacerts
  4. When prompted, enter changeit as the password for the Java keystore.

  5. Enter yes to accept the certificate import.

  6. Use the following command to verify that the root certificate has been imported into the Java keystore:

    keytool -list -alias alias_name -cacerts

    For example:

    keytool -list -alias gw_ldap_srvr -cacerts
  7. Enter the root certificate password to list the root certificate information.

  8. Restart Vibe so that Tomcat rereads the updated Java keystore file.

You are now ready to configure your Vibe site for secure LDAP synchronization, as described in Adding Vibe Users from Your LDAP Directory in Single-server (Basic) Installation in the OpenText Vibe 4.0.8 Installation Guide.