000022015 - How to set up SSL connection between Novell eDirectory and RSA ClearTrust

Document created by RSA Customer Support Employee on Jun 16, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017. Version 2.

Article Content

Article Number: 000022015
Applies To: Novell eDirectory
RSA ClearTrust 5.5
Issue: How to set up an SSL connection between Novell eDirectory and RSA ClearTrust
Resolution: Follow the steps below to configure the LDAP connection between RSA ClearTrust and Novell eDirectory to use SSL (LDAPS):

1. Retrieve the CA public certificate from Novell eDirectory. This can be done by accessing the LDAPS port with a web browser at https://ldap.hostname:636/. When the certificate prompt appears, click "MORE INFORMATION" and view the certificate chain.

NOTE: View the CA's public certificate, not the server's public certificate.

- Highlight the CA and click View Certificate

- Click "Details"

- Click "Copy to File"

- Save the certificate with Base-64 encoding

2. Open the Keytool GUI and create a new KeyStore of type "PKCS 12", then import the certificate you saved in step 1 above. Save the KeyStore, and you will be prompted for a password (this will be needed in the ldap.conf configuration file).

3. Take the <name>.P12 file and place it in the ClearTrust server "conf" folder.

4. Open up the ldap.conf file and change the following parameters to reflect the SSL connection:

    cleartrust.data.ldap.directory.edirectory.port     :636
    cleartrust.data.ldap.directory.edirectory-bind.port     :636

    cleartrust.data.ldap.directory.edirectory.ssl.use                    :Auth
    cleartrust.data.ldap.directory.edirectory-bind.ssl.use               :Auth

    cleartrust.data.ldap.directory.edirectory.ssl.ca.keystore_file       :nds-root-ca.p12
    cleartrust.data.ldap.directory.edirectory-bind.ssl.ca.keystore_file    :nds-root-ca.p12

    cleartrust.data.ldap.directory.edirectory.ssl.ca.keystore_passphrase :password
    cleartrust.data.ldap.directory.edirectory-bind.ssl.ca.keystore_passphrase :password

5. Start up the servers.
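An added check for step 4 (this script is not part of the article or of the ClearTrust product): it parses ldap.conf entries in the "key : value" form shown above and confirms that the directory and -bind halves both use port 636, ssl.use Auth and the same PKCS12 truststore, optionally verifying that the file exists in the conf folder. The sample configuration is constructed, with the -bind half deliberately misconfigured.

```python
from pathlib import Path

PREFIX = "cleartrust.data.ldap.directory."

# Constructed sample in the ldap.conf format from step 4: the -bind half was
# left on the clear-text LDAP port and has no truststore, which must be caught.
SAMPLE_CONF = """
cleartrust.data.ldap.directory.edirectory.port                        :636
cleartrust.data.ldap.directory.edirectory-bind.port                   :389
cleartrust.data.ldap.directory.edirectory.ssl.use                     :Auth
cleartrust.data.ldap.directory.edirectory-bind.ssl.use                :Auth
cleartrust.data.ldap.directory.edirectory.ssl.ca.keystore_file        :nds-root-ca.p12
cleartrust.data.ldap.directory.edirectory.ssl.ca.keystore_passphrase  :password
cleartrust.data.ldap.directory.edirectory-bind.ssl.ca.keystore_passphrase :password
"""

def parse_ldap_conf(text):
    """Parse 'key : value' lines; the first colon splits key from value."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        entries[key.strip()] = value.strip()
    return entries

def check_ssl_settings(entries, name="edirectory", conf_dir=None):
    """Return problems for directory <name> and its <name>-bind twin (empty = OK)."""
    problems = []
    keystores = set()
    for section in (name, name + "-bind"):
        base = PREFIX + section
        port = entries.get(base + ".port")
        use = entries.get(base + ".ssl.use")
        ks = entries.get(base + ".ssl.ca.keystore_file")
        pw = entries.get(base + ".ssl.ca.keystore_passphrase")
        if use != "Auth":
            problems.append(f"{section}: ssl.use is {use!r}, expected 'Auth'")
        if port != "636":
            problems.append(f"{section}: port is {port!r}, expected 636 (LDAPS)")
        if not ks:
            problems.append(f"{section}: ssl.ca.keystore_file not set")
        else:
            keystores.add(ks)
            if conf_dir and not (Path(conf_dir) / ks).is_file():
                problems.append(f"{section}: {ks} not found in {conf_dir}")
        if not pw:
            problems.append(f"{section}: ssl.ca.keystore_passphrase not set")
    if len(keystores) > 1:
        problems.append(f"{name}: directory and -bind use different truststores")
    return problems

if __name__ == "__main__":
    for problem in check_ssl_settings(parse_ldap_conf(SAMPLE_CONF)):
        print(problem)
```

Because the keystore passphrase sits in clear text in ldap.conf, restrict read access on that file to the ClearTrust service account.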
Legacy Article ID: a28566