Help

Root Certificate

jarednichols
Honored Contributor

Posted on ‎02-05-2009 01:04 PM

Hi-

I’ve been told by our LDAP admin that in order to get proper authentication with LDAP accounts, I need to install our root certificate into “your application.” I imagine he means Tomcat, which is what the JSS runs on.

I found this article:
http://www.jamfsoftware.com/kb/article.php?id=019

Is this the right thing for me to follow? If so, I’m a bit confused by step 9 where it says I need to include the keystorePass containing the password to the keystore.

Thanks

j
---
Jared Nichols
ISD Infrastructure and Operations – Desktop Engineering
MIT Lincoln Laboratory
244 Wood St.
Lexington, MA 02420-9108
(781) 981-5500

0 Kudos
2 REPLIES 2

talkingmoose
Moderator
Moderator

Posted on ‎02-05-2009 02:37 PM

You don't need a root certificate just to get LDAP authentication working.
On 2/5/09 3:04 PM, "Nichols, Jared" <jared.nichols at ll.mit.edu> wrote:
The root certificate will ensure that you are indeed connecting securely to
the server you think you're connecting to. The certificate will keep that
annoying "can't verify the identity of the website" message from appearing,
however.

To enable LDAP for the JSS you'll need to log in and go to the Admin tab -->
LDAP Servers area and enter the appropriate connection and search mappings
for your LDAP world.

Once the JSS has been pointed to a server for external authentication then
you'll be able to assign permissions to users from LDAP and those users will
be able to log in to the JSS or whatever you decide.

--

bill

William M. Smith, Technical Analyst
MCS IT
Merrill Communications, LLC
(651) 632-1492

0 Kudos

prbsparx
Contributor II

Posted on ‎06-07-2016 05:01 PM

This is what I had to do:
Backup /etc/pki/java/cacerts

cp /etc/pki/java/cacerts /etc/pki/java/cacerts.old

Import the EA Root CA certificate to the Java store (must be done from /etc/pki/java/)

cd /etc/pki/java
keytool -import -trustcacerts -alias $NameForCert -keystore cacerts -file /path/to/certificate/file.cer

Type in the keystore password... should be the default "changeit"
Trust this certificate? Answer: Yes
Restart Tomcat

service jamf.tomcat7 restart
0 Kudos