-
Products
-
SonicPlatform
SonicPlatform is the cybersecurity platform purpose-built for MSPs, making managing complex security environments among multiple tenants easy and streamlined.
Discover More
-
-
Solutions
-
Federal
Protect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
Learn MoreFederalProtect Federal Agencies and Networks with scalable, purpose-built cybersecurity solutions
Learn More - Industries
- Use Cases
-
-
Partners
-
Partner Portal
Access to deal registration, MDF, sales and marketing tools, training and more
Learn MorePartner PortalAccess to deal registration, MDF, sales and marketing tools, training and more
Learn More - SonicWall Partners
- Partner Resources
-
-
Support
-
Support Portal
Find answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
Learn MoreSupport PortalFind answers to your questions by searching across our knowledge base, community, technical documentation and video tutorials
Learn More - Support
- Resources
- Capture Labs
-
- Company
- Contact Us
Add CA Certificate to Keystore for LDAP Authentication on Windows Software deployments
10/14/2022 
1,052 People found this article helpful
484,353 Views
Description
Adding a CA certificate to the Keystore for LDAP Authentication on a Software (Windows) deployment of GMS
Cause
When domain users are given permissions to use GMS, it is possible to configure the LDAP communication using TLS for secured communication between the GMS server and the LDAP server. This requires a trusted, signed certificate for the LDAP Authentication server.
Typically, the Certificate Authority (CA) which signs these TLS certificates for LDAP Authentication servers is itself an internal corporate Domain Controller, as opposed to a trusted public CA.
Therefore, it's root CA Certificate needs to be added to the GMS Certificates keystore, so it can be recognized as a trusted Certificate Authority for singing the trusted, signed certificate.
Resolution
Step 1: Export copy of LDAP CA certificate from AD server and copy to desktop of GMS server.
Step 2: Run command prompt on GMS server using cmd from [installDir]:\GMSVP\jre\bin
keytool -import -alias <createAlias> -file <full path of the certificate(.cer/.crt) file on your system> -trustcacerts -keystore C:\GMSVP\jre\lib\security\cacerts
(below is an example, where GMS is installed on the C drive, the alias given to the CA certificate is named "cacertificate" and the file is saved on the Administrator's desktop as "cacertificateexport.cer")
cd C:GMSVPjrebin
keytool -import -alias cacertificate -file C:\Windows\users\Administrator\Desktop\cacertificateexport.cer -trustcacerts -keystore C:\GMSVP\jre\lib\security\cacerts
Password is changeit
Step 3: Once imported, rename the jssecacerts file in [installDir]:\GMSVP\jre\lib\security directory. (example: jssecacertsold)
Step 4: Make a copy of the cacerts file (which was modified in step2) and rename only the copied file to jssecacerts.
Step 5: Restart Server and test LDAP config.
Related Articles
- How to Expand the Hard Drive of a GMS Virtual Appliance
- How to modify Template Attributes (NSM)
- How to extract a public certificate and private key from .pfx for use in GMS/Analytics
YES
NO