Revision 3401
Added by Jing Tao over 17 years ago
docs/dev/setup-ldap-TLS.txt | ||
---|---|---|
1 |
1. In /etc/ldap/slapd.conf file, remove the comment symbols of two lines: |
|
2 |
TLSCertificateFile /var/lib/ldap/cert/cacert.pem |
|
3 |
TLSCertificateKeyFile /var/lib/ldap/cert/privkey.pem |
|
4 |
|
|
5 |
2. In /var/lib/ldap/cert directory (which should be as same as the one in slapd.conf file), generate private key: |
|
6 |
openssl genrsa -out privkey.pem 1024 |
|
7 |
|
|
8 |
3. In /var/lig/ldap/cert directory, generate self-signed certificate: |
|
9 |
openssl req -new -x509 -days 900 -key privkey.pem -out cacert.pem |
|
10 |
|
|
11 |
The example to set up a certificate: |
|
12 |
Country Name (2 letter code) [GB]:US |
|
13 |
State or Province Name (full name) [Berkshire]:California |
|
14 |
Locality Name (eg, city) [Newbury]:Santa Barbara |
|
15 |
Organization Name (eg, company) [My Company Ltd]:UCSB |
|
16 |
Organizational Unit Name (eg, section) []:NCEAS |
|
17 |
Common Name (eg, your name or your server's hostname) []:dev.nceas.ucsb.edu |
|
18 |
(Note: don't put port number here) |
|
19 |
Email Address []:tao@nceas.ucsb.edu |
|
20 |
|
|
21 |
Note: the country name, state name (full name) and host name should be correct ones. |
|
22 |
|
|
23 |
4. Copy the certificate file - cacert.pem to $JAVA_HOME/jre/lib/security directory. |
|
24 |
Note: the $JAVA_HOME is the java home under which Metacat is running. It can be in different |
|
25 |
machine to Ldap, if Metacat and Ldap are running in different machines. |
|
26 |
|
|
27 |
5. In $JAVA_HOME/jre/lib/security directory, import the certificate into key store: |
|
28 |
keytool -import -alias knp-ldap -file cacert.pem -keystore cacerts |
|
29 |
|
|
30 |
6. Restart tomcat. |
|
31 |
|
|
32 |
7. Restart Ldap. |
|
33 |
|
|
0 | 34 |
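Review bot: step 3 gives the working directory as /var/lig/ldap/cert, which contradicts the /var/lib/ldap/cert path used in step 2 and in the TLSCertificateFile and TLSCertificateKeyFile lines uncommented in step 1; "lig" should read "lib" so that the key from step 2 and the certificate from step 3 end up in the directory slapd.conf actually points at. Two things the text should also state: privkey.pem is the LDAP server's private key, so after "openssl genrsa -out privkey.pem 1024" the file should be made readable only by the account slapd runs as (restrict the mode to owner-only and chown it accordingly), and step 5 should mention that "keytool -import ... -keystore cacerts" prompts for the cacerts keystore password before it adds the knp-ldap alias, otherwise the reader is left guessing why the command stops.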
Add documentation for setting up an LDAP TLS channel.