|
1
|
1. In /etc/ldap/slapd.conf file, remove the comment symbols of two lines:
|
|
2
|
TLSCertificateFile /var/lib/ldap/cert/cacert.pem
|
|
3
|
TLSCertificateKeyFile /var/lib/ldap/cert/privkey.pem
|
|
4
|
|
|
5
|
2. In /var/lib/ldap/cert directory (which should be as same as the one in slapd.conf file), generate private key:
|
|
6
|
openssl genrsa -out privkey.pem 1024
|
|
7
|
|
|
8
|
3. In /var/lig/ldap/cert directory, generate self-signed certificate:
|
|
9
|
openssl req -new -x509 -days 900 -key privkey.pem -out cacert.pem
|
|
10
|
|
|
11
|
The example to set up a certificate:
|
|
12
|
Country Name (2 letter code) [GB]:US
|
|
13
|
State or Province Name (full name) [Berkshire]:California
|
|
14
|
Locality Name (eg, city) [Newbury]:Santa Barbara
|
|
15
|
Organization Name (eg, company) [My Company Ltd]:UCSB
|
|
16
|
Organizational Unit Name (eg, section) []:NCEAS
|
|
17
|
Common Name (eg, your name or your server's hostname) []:dev.nceas.ucsb.edu
|
|
18
|
(Note: don't put port number here)
|
|
19
|
Email Address []:tao@nceas.ucsb.edu
|
|
20
|
|
|
21
|
Note: the country name, state name (full name) and host name should be correct ones.
|
|
22
|
|
|
23
|
4. Copy the certificate file - cacert.pem to $JAVA_HOME/jre/lib/security directory.
|
|
24
|
Note: the $JAVA_HOME is the java home under which Metacat is running. It can be in different
|
|
25
|
machine to Ldap, if Metacat and Ldap are running in different machines.
|
|
26
|
|
|
27
|
5. In $JAVA_HOME/jre/lib/security directory, import the certificate into key store:
|
|
28
|
keytool -import -alias knp-ldap -file cacert.pem -keystore cacerts
|
|
29
|
|
|
30
|
6. Restart tomcat.
|
|
31
|
|
|
32
|
7. Restart Ldap.
|
|
33
|
|