|Resolution||On the LDAP server/domain controller hosting the Active Directory, of which RSA DLP is a member, import the certificate of the LDAP server:|
On the RSA Data Loss Prevention Enterprise Manager server:
- In the Run box, type mmc and press Enter.
- In the MMC interface, select File > Add/remove snap-in.
- Select Certificates from the list of available snap-ins and add it. At the prompt select Computer Account then click Next and Finish.
- On the left pane, expand Certificates and select Personal > Certificates.
- Right-click on the certificate that has the hostname of the server with the longest Expiration Date.
- Click Export and select No, Do not export private key.
Select DER encoded binary x509 (.CER) and click Next.
- Browse for the destination where the certificate will be exported and name it, For example, ldapserver.
- Click Next and Finish.
- Move the exported certificate to the root folder on the C:\ drive of your RSA DLP Enterprise Manager server.
- In the Run box, type cmd. When the program displays, right click and choose Run as administrator.
- Navigate to C:\Program Files\Java\jre1.7.0_25\lib\security.
- Run the following command:
"C:\Program Files\Java\jre1.7.0_25\bin\keytool.exe" -import -file C:\<certname>.cer -keystore cacerts -storepass changeit
- Using the command below, verify that the LDAP certificate has been added to keystore:
C:\Program Files\Java\jre1.7.0_25\bin>keytool -list -keystore "C:\Program Files\Java\jre1.7.0_25\lib\security\cacerts" -storepass changeit -v > C:\dumpcerts.txt
- Using a text editor, open the dumpcert.txt file. The certificate should be listed in the file.
- In the EM GUI go to > Settings > LDAP Configuration > port = 636 then check the Encrypted box.