Configuring an SSL Certificate for Microsoft Active Directory - Crowd... https://confluence.atlassian.com/display/CROWD/Configuring+an+SS...

You can configure Crowd to work with Microsoft Active Directory by setting up an LDAP connector in Crowd. If you wish to use Crowd to
add users or change passwords in Active Directory, you will need to install an SSL certificate generated by your Active Directory server
and then install the certificate into your JVM keystore.

On this page:

Prerequisites
Step 1. Install the Active Directory Certificate Services
Step 2. Obtain the Server Certificate
Step 3. Import the Server Certificate

There's a Confluence SSL plugin that facilitates this process.

Updating user, group, and membership details in Active Directory requires that your Atlassian application be running in a JVM that trusts
the AD server. To do this, we generate a certificate on the Active Directory server, then import it into Java's keystore.

Prerequisites

To generate a certificate, you need the following components installed on the Windows Domain Controller to which you're connecting.

Required Component: Description

Internet Information Services (IIS): This is required before you can install Windows Certificate Services.

Windows Certificate Services: This installs a certification authority (CA) which is used to issue certificates. Step 1, below, explains this process.

Windows 2000 Service Pack 2: Required if you are using Windows 2000.

Windows 2000 High Encryption Pack: Required if you are using Windows 2000. Provides the highest available encryption level (128-bit).

Step 1. Install the Active Directory Certificate Services

1 de 13 19/09/2013 15:07
If Certificate Services are already installed, skip to step 2, below. The screenshots below are from Server 2008, but the process is
similar for Server 2000 and 2003.

1. Log in to your Active Directory server as an administrator.


2. Click Start, point to Administrative Tools, and then click Server Manager.
3. In the Roles Summary section, click Add Roles.

4. On the Select Server Roles page, select the Active Directory Certificate Services check box. Click Next twice.

5. On the Select Role Services page, select the Certification Authority check box, and then click Next.

6. On the Specify Setup Type page, click Enterprise, and then click Next.

7. On the Specify CA Type page, click Root CA, and then click Next.

8. On the Set Up Private Key and Configure Cryptography for CA pages, you can configure optional configuration settings,
including cryptographic service providers. However, the default values should be fine. Click Next twice.

9. In the Common name for this CA box, type the common name of the CA, and then click Next.

10. On the Set Validity Period page, accept the default values or specify other storage locations for the certificate database and the
certificate database log, and then click Next.

11. After verifying the information on the Confirm Installation Selections page, click Install.

12. Review the information on the results screen to verify that the installation was successful.

Step 2. Obtain the Server Certificate

The steps above describe how to install the certification authority (CA) on your Microsoft Active Directory server. Next, you will need to
add the Microsoft Active Directory server's SSL certificate to the list of accepted certificates used by the JDK that runs your application
server.

The Active Directory certificate is automatically generated and placed in the root of the C:\ drive, with a file name that resembles the tree
structure of your Active Directory server. For example: c:\ad2008.ad01.atlassian.com_ad01.crt.

You can also export the certificate by executing this command on the Active Directory server:

certutil -ca.cert client.crt

Step 3. Import the Server Certificate

For an application server to trust your directory's certificate, the certificate must be imported into your Java runtime environment. The
JDK stores trusted certificates in a file called a keystore. The default keystore file is called cacerts and it lives in the
jre\lib\security sub-directory of your Java installation.

In the following examples, we use server-certificate.crt to represent the certificate file exported by your directory server. You
will need to alter the instructions below to match the name actually generated.

Once the certificate has been imported as per the below instructions, you will need to restart the application to pick up the changes.

Windows

1. Navigate to the directory in which Java is installed. It's probably called something like C:\Program Files\Java\jdk1.5.0_12.
2. Run the command below, where server-certificate.crt is the name of the file from your directory server:

keytool -import -keystore .\jre\lib\security\cacerts -file server-certificate.crt

3. keytool will prompt you for a password. The default keystore password is changeit.
4. When prompted Trust this certificate? [no]: enter yes to confirm the key import:

Enter keystore password: changeit


Owner: CN=ad01, C=US
Issuer: CN=ad01, C=US
Serial number: 15563d6677a4e9e4582d8a84be683f9
Valid from: Tue Aug 21 01:10:46 ACT 2007 until: Tue Aug 21 01:13:59 ACT 2012
Certificate fingerprints:
MD5: D6:56:F0:23:16:E3:62:2C:6F:8A:0A:37:30:A1:84:BE
SHA1: 73:73:4E:A6:A0:D1:4E:F4:F3:CD:CE:BE:96:80:35:D2:B4:7C:79:C1
Trust this certificate? [no]: yes
Certificate was added to keystore

You may now use the 'Secure SSL' option when connecting your application to your directory server.

UNIX

1. Navigate to the directory in which Java is installed. cd $JAVA_HOME will usually get you there.
2. Run the command below, where server-certificate.crt is the name of the file from your directory server:

sudo keytool -import -keystore ./jre/lib/security/cacerts -file server-certificate.crt

3. keytool will prompt you for a password. The default keystore password is changeit.
4. When prompted Trust this certificate? [no]: enter yes to confirm the key import:

Password:
Enter keystore password: changeit
Owner: CN=ad01, C=US
Issuer: CN=ad01, C=US
Serial number: 15563d6677a4e9e4582d8a84be683f9
Valid from: Tue Aug 21 01:10:46 ACT 2007 until: Tue Aug 21 01:13:59 ACT 2012
Certificate fingerprints:
MD5: D6:56:F0:23:16:E3:62:2C:6F:8A:0A:37:30:A1:84:BE
SHA1: 73:73:4E:A6:A0:D1:4E:F4:F3:CD:CE:BE:96:80:35:D2:B4:7C:79:C1
Trust this certificate? [no]: yes
Certificate was added to keystore

You may now use the 'Secure SSL' option when connecting your application to your directory server.

Mac OS X

1. Navigate to the directory in which Java is installed. This is usually /Library/Java/Home.


2. Run the command below, where server-certificate.crt is the name of the file from your directory server:

sudo keytool -import -keystore ./jre/lib/security/cacerts -file server-certificate.crt

3. keytool will prompt you for a password. The default keystore password is changeit.
4. When prompted Trust this certificate? [no]: enter yes to confirm the key import:

Password:
Enter keystore password: changeit
Owner: CN=ad01, C=US
Issuer: CN=ad01, C=US
Serial number: 15563d6677a4e9e4582d8a84be683f9
Valid from: Tue Aug 21 01:10:46 ACT 2007 until: Tue Aug 21 01:13:59 ACT 2012
Certificate fingerprints:
MD5: D6:56:F0:23:16:E3:62:2C:6F:8A:0A:37:30:A1:84:BE
SHA1: 73:73:4E:A6:A0:D1:4E:F4:F3:CD:CE:BE:96:80:35:D2:B4:7C:79:C1
Trust this certificate? [no]: yes
Certificate was added to keystore

You may now use the 'Secure SSL' option when connecting your application to your directory server.
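
The keytool transcripts above print the certificate's fingerprints just before the Trust this certificate? prompt; comparing them with the fingerprint read on the Active Directory server is what makes answering yes a real check. The shell functions below are an added example for the UNIX and Mac OS X procedures, not part of the original documentation; the function names, the alias argument and the way the expected fingerprint is supplied are assumptions.

```shell
#!/bin/sh
# Added example: check a certificate's fingerprint before trusting it in cacerts.

# Sample input: fingerprint lines as shown in the keytool transcript above.
SAMPLE_PRINTCERT='Owner: CN=ad01, C=US
Issuer: CN=ad01, C=US
Certificate fingerprints:
         MD5:  D6:56:F0:23:16:E3:62:2C:6F:8A:0A:37:30:A1:84:BE
         SHA1: 73:73:4E:A6:A0:D1:4E:F4:F3:CD:CE:BE:96:80:35:D2:B4:7C:79:C1'

# normalize_fp VALUE: keep hex digits only and upper-case them, so
# "73:73:4e" and "73 73 4E" compare equal.
normalize_fp() {
    printf '%s' "$1" | tr -cd '0-9A-Fa-f' | tr 'a-f' 'A-F'
}

# extract_fp ALG: read `keytool -printcert` output on stdin and print the
# normalized fingerprint labelled ALG (MD5, SHA1, or SHA256 on newer JDKs).
extract_fp() {
    fp_line=$(sed -n "s/^[[:space:]]*$1:[[:space:]]*//p" | head -n 1)
    normalize_fp "$fp_line"
}

# fp_matches ALG EXPECTED: succeed only when stdin carries an ALG fingerprint
# and it equals EXPECTED (the value read on the Active Directory server).
fp_matches() {
    actual=$(extract_fp "$1")
    expected=$(normalize_fp "$2")
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# import_ad_cert FILE ALG EXPECTED KEYSTORE ALIAS (hypothetical helper):
# import FILE only if its fingerprint matches. -noprompt skips the
# "Trust this certificate?" question because the check has replaced it;
# keytool still asks for the keystore password.
import_ad_cert() {
    if keytool -printcert -file "$1" | fp_matches "$2" "$3"; then
        keytool -import -noprompt -alias "$5" -keystore "$4" -file "$1"
    else
        echo "fingerprint mismatch for $1: certificate not imported" >&2
        return 1
    fi
}

# Usage (not run here):
#   import_ad_cert server-certificate.crt SHA1 "<fingerprint from AD server>" \
#       ./jre/lib/security/cacerts ad01
```

A missing or unparseable fingerprint is treated as a mismatch, so the import fails closed. Where keytool prints a SHA256 line, pass SHA256 as the algorithm instead of SHA1.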

RELATED TOPICS

Configuring Crowd to Work with SSL
