Configuring LDAPS differs from configuring LDAP in only a few ways: you need to change the data source URL to LDAPS and make sure that the LDAPS server certificate is trusted in the Java environment that starts Tomcat. This can be used in Smart ID Identity Manager.

...

Note: In an Active Directory environment, the LDAPS server certificate is the Domain Controller certificate.

  • Copy the new truststore to the Tomcat Application Server.
  • Add the following parameters to the Java startup configuration of Tomcat:

  • Set the LDAPS server certificate as trusted

    To configure LDAPS, the LDAPS server certificate must be trusted.

    • For Docker:
      Add the certificate in the docker/compose/cacerts folder. Run docker compose down and docker compose up from within docker/compose/identitymanager/<webappname>/ for each Smart ID application so that new containers are created.

    • For WAR file deployment:
      The certificate must be trusted in the Java environment that starts Tomcat.

      To set the LDAPS server certificate as trusted:
      1. Create a Java truststore with the issuing CA certificate or the LDAPS server certificate (X.509). If you are uncertain which one to use, include both.
        See Configure HTTPS for Tomcat for keytool syntax.

    Add parameters:
    -Djavax.net.ssl.trustStore=c:\myCerts\myTruststore.jks
    -Djavax.net.ssl.trustStorePassword=123456


  • Restart Tomcat.
  • Example of Tomcat startup parameters:

    Additional information

    Useful links

    ...
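
To confirm, before restarting Tomcat, that the truststore created in step 1 actually trusts the LDAPS server certificate, a check along these lines can be run with the same JDK. This is an added example, not part of the original page or the product; the class name `TrustStoreCheck` and its three arguments are assumptions. It only tests the two cases the page names (the server certificate itself is in the truststore, or its issuing CA is) and does not build chains through intermediate CAs.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added example (hypothetical helper, not product code).
// Usage: java TrustStoreCheck.java <truststore> <password> <ldaps-server-cert.pem|.cer>
public class TrustStoreCheck {

    // Returns the alias of the trusted entry that is, or directly issued, serverCert; null if none.
    static String findTrustAnchor(KeyStore ts, X509Certificate serverCert) throws Exception {
        for (String alias : Collections.list(ts.aliases())) {
            if (!ts.isCertificateEntry(alias)) continue;           // only trustedCertEntry items
            X509Certificate trusted = (X509Certificate) ts.getCertificate(alias);
            if (trusted.equals(serverCert)) return alias;          // server cert trusted directly
            if (!trusted.getSubjectX500Principal().equals(serverCert.getIssuerX500Principal())) continue;
            try {
                serverCert.verify(trusted.getPublicKey());         // signed by this CA key?
                return alias;
            } catch (GeneralSecurityException e) {
                // Same subject name but a different key: keep looking.
            }
        }
        return null;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println("usage: TrustStoreCheck <truststore> <password> <server-cert>");
            System.exit(2);
        }
        // Detects JKS or PKCS12 automatically (Java 9+); fails on a wrong password.
        KeyStore ts = KeyStore.getInstance(new File(args[0]), args[1].toCharArray());
        X509Certificate server;
        try (InputStream in = new FileInputStream(args[2])) {
            server = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        server.checkValidity();                                    // throws if expired or not yet valid
        String alias = findTrustAnchor(ts, server);
        if (alias == null) {
            System.err.println("NOT TRUSTED: no entry matches or issued " + server.getSubjectX500Principal());
            System.exit(1);
        }
        System.out.println("Trusted via alias '" + alias + "'");
    }
}
```

An exit code of 1 means Tomcat would reject the LDAPS connection with this truststore; re-create the truststore with the issuing CA certificate before setting the startup parameters.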