Creating a truststore when using LDAP
Before you begin
About this task
If the LDAP connection is secured using TLS, the certificate presented by the LDAP server must be trusted so that the TLS handshake can complete. If you are connecting to multiple LDAP servers that present different certificates, you must trust each certificate in a single trust store.
The LDAP trust store file name must be ldaptruststore.p12. It is created using the commands in this procedure.
Procedure
- Copy the certificates to be trusted to the machine where the keytool utility is installed, and stage them in a temporary directory.
- Create the trust store by issuing the following command with these parameters:
keytool -importcert -storetype PKCS12 -keystore ldaptruststore.p12 -storepass truststore_password -alias alias_name -file file_to_trust.crt -noprompt
  - truststore_password: The desired password for your trust store. Save the password for later use.
  - alias_name: The alias under which the certificate is stored in the trust store; each certificate must have a unique alias.
  - file_to_trust.crt: The full path to the certificate you are adding to the trust store.
- Optional: To import additional certificates into an existing trust store, run the following command; be sure to use a unique alias for each additional certificate.
keytool -importcert -storetype PKCS12 -keystore ldaptruststore.p12 -storepass truststore_password -alias alias_name -file file_to_trust.crt -noprompt
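The procedure above, carried out for a whole staging directory, as an added example script (not part of the original page or the product's own tooling): every .crt file is imported under an alias derived from its file name, duplicate aliases are rejected before keytool runs, and each certificate's details are printed so the fingerprint can be compared with the value obtained from the LDAP administrator before it is trusted. It assumes keytool is on PATH, that the password is supplied in the LDAP_TRUSTSTORE_PASS environment variable, and that the staging directory is given as the first argument.

```shell
#!/bin/sh
# Added example (not from the original page): bulk-import every certificate
# staged in a directory into ldaptruststore.p12 with a unique alias per file.
# Assumptions: keytool is on PATH, certificates end in .crt, and the trust
# store password is passed in the LDAP_TRUSTSTORE_PASS environment variable.
set -eu

TRUSTSTORE="${TRUSTSTORE:-ldaptruststore.p12}"

# Derive an alias from the file name: strip directory and extension, lowercase.
alias_for_file() {
    f=$(basename "$1")
    f=${f%.*}
    printf '%s' "$f" | tr 'A-Z' 'a-z'
}

# Return 0 if $1 already appears in the space-separated alias list $2, else 1.
alias_seen() {
    case " $2 " in
        *" $1 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Import every *.crt in $1, refusing to continue when an alias would repeat.
import_staged_certs() {
    stage_dir=$1
    seen=""
    for cert in "$stage_dir"/*.crt; do
        [ -f "$cert" ] || continue
        a=$(alias_for_file "$cert")
        if alias_seen "$a" "$seen"; then
            echo "duplicate alias '$a' for $cert; rename the file" >&2
            return 1
        fi
        seen="$seen $a"
        # Print subject and fingerprints so they can be checked against the
        # values obtained out of band before the certificate becomes trusted.
        keytool -printcert -file "$cert"
        keytool -importcert -storetype PKCS12 -keystore "$TRUSTSTORE" \
            -storepass "$LDAP_TRUSTSTORE_PASS" -alias "$a" -file "$cert" -noprompt
    done
    # Show what the trust store now contains.
    keytool -list -storetype PKCS12 -keystore "$TRUSTSTORE" -storepass "$LDAP_TRUSTSTORE_PASS"
}

# Usage: LDAP_TRUSTSTORE_PASS=secret ./import_ldap_certs.sh /tmp/ldap-certs
if [ "$#" -gt 0 ]; then
    import_staged_certs "$1"
fi
```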
What to do next
To implement the trust store, refer to one of the following topics.