If your LDAP directory service requires a secure LDAP connection (LDAPS), you must configure Micro Focus Vibe with a root certificate. The root certificate identifies the root certificate authority (CA) for your Vibe site, which lets you generate a self-signed root certificate based on your eDirectory tree.
You can generate a self-signed root certificate for your eDirectory tree by using either ConsoleOne or iManager, then import the root certificate into the Java keystore file (cacerts) on the Vibe server to make it accessible to Vibe. The default location for the Java keystore file is:
NOTE: For iManager instructions, see TID 3176104: How to Enable SSL for Teaming LDAP Synchronization and Authentication in the Novell Support Knowledgebase. If you are using Active Directory rather than eDirectory, consult your Active Directory documentation for a procedure comparable to the one provided in Generating a Root Certificate in ConsoleOne.
On Linux or Windows, start ConsoleOne and authenticate to your eDirectory tree.
Expand the Security container, right-click the Tree_Name CA object, then click .
Click to update the certificate status, then click to close the Certificate Validation dialog box.
Click to export your eDirectory root certificate into a file that can be imported into the Java keystore file.
Click to accept the default of No for exporting a private key file along with the root certificate.
Select the output format for the root certificate file.
Either DER or Base64 format can be imported into the Java keystore file.
In the field, specify the location where you want to create the root certificate file and the filename to use, such as SelfSignedRootCert.der.
IMPORTANT: You need to be able to access this file from the Vibe server. Specify an accessible location or copy it to the Vibe server after you create it.
Click to display a summary of the options you have selected, then click to generate the root certificate file.
Click to close the Self Signed Certificate properties page of the Tree_Name CA object.
(Conditional) If necessary, copy the root certificate file to a convenient location on the Vibe server.
On the Vibe server, make sure that you have access to the root certificate file.
Make sure that you can access the keytool tool:
For convenient use, you might need to add its location to the PATH environment variable.
Use the following command to import the root certificate into the Java keystore:
keytool -importcert -alias alias_name -file path_to_root_cert_file -cacerts
where alias_name is an arbitrary name that you assign to the certificate being imported into the Java keystore (cacerts) and path_to_root_cert_file is the name of the certificate file. For example:
keytool -importcert -alias gw_ldap_srvr -file /certs/SSignedCert.der -cacerts
When prompted, enter changeit as the password for the Java keystore.
Enter yes to accept the certificate import.
Use the following command to verify that the root certificate has been imported into the Java keystore:
keytool -list -alias alias_name -cacerts
For example:
keytool -list -alias gw_ldap_srvr -cacerts
Enter the root certificate password to list the root certificate information.
Restart Vibe so that Tomcat rereads the updated Java keystore file.
You are now ready to configure your Vibe site for secure LDAP synchronization, as described in Vibe 4.0.8 Installation Guide.
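The following script is an added example, not part of the Vibe documentation. Because the root certificate file may be copied to the Vibe server before it is imported into the JVM's default trust store, the script prints the file's SHA-256 fingerprint in the same form for a DER or a Base64 export and refuses a file that contains a PEM private key. The function names are hypothetical, and the script assumes that sha256sum, base64, od and awk are available.

```sh
#!/bin/sh
# Added example, not from the Vibe documentation; function names are hypothetical.
# Prints the SHA-256 fingerprint of an exported root certificate file as
# colon-separated uppercase hex, whether the export was DER or Base64.

# Succeeds if the file carries Base64 (PEM) certificate armour.
is_base64_cert() {
    grep -aq -- '-----BEGIN CERTIFICATE-----' "$1"
}

# Writes the raw DER bytes of the first certificate in the file to stdout.
cert_der_bytes() {
    if is_base64_cert "$1"; then
        awk '/-----BEGIN CERTIFICATE-----/ {on=1; next}
             /-----END CERTIFICATE-----/   {exit}
             on' "$1" | tr -d ' \r\n' | base64 -d
    else
        cat "$1"
    fi
}

cert_fingerprint() {
    fp_file=$1
    [ -r "$fp_file" ] || { echo "cannot read $fp_file" >&2; return 1; }
    # The export step answers No to including a private key; refuse a file
    # that carries a PEM-armoured one anyway.
    if grep -aq -- '-----BEGIN .*PRIVATE KEY-----' "$fp_file"; then
        echo "refusing $fp_file: contains a private key" >&2
        return 2
    fi
    # A DER certificate is an ASN.1 SEQUENCE, so its first byte is 0x30.
    fp_first=$(cert_der_bytes "$fp_file" | od -An -tx1 -N1 | tr -d ' \n')
    if [ "$fp_first" != "30" ]; then
        echo "$fp_file is not a DER or Base64 certificate" >&2
        return 3
    fi
    cert_der_bytes "$fp_file" | sha256sum | cut -d' ' -f1 \
        | tr 'a-f' 'A-F' | sed 's/../&:/g; s/:$//'
}

# Usage: sh cert_fingerprint.sh /certs/SSignedCert.der
[ "$#" -eq 0 ] || cert_fingerprint "$1"
```

Run it where the file was exported and again on the Vibe server after copying. The two values should match each other and the SHA-256 fingerprint that keytool reports for the alias.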