Root Certificate

Honored Contributor


I’ve been told by our LDAP admin that in order to get proper authentication with LDAP accounts, I need to install our root certificate into “your application.” I imagine he means Tomcat, which is what the JSS runs on.

I found this article:

Is this the right thing for me to follow? If so, I’m a bit confused by step 9 where it says I need to include the keystorePass containing the password to the keystore.


Jared Nichols
ISD Infrastructure and Operations – Desktop Engineering
MIT Lincoln Laboratory
244 Wood St.
Lexington, MA 02420-9108
(781) 981-5500


Honored Contributor II

You don't need a root certificate just to get LDAP authentication working.
On 2/5/09 3:04 PM, "Nichols, Jared" <jared.nichols at> wrote:
The root certificate will ensure that you are indeed connecting securely to
the server you think you're connecting to. The certificate will keep that
annoying "can't verify the identity of the website" message from appearing,

To enable LDAP for the JSS you'll need to log in and go to the Admin tab -->
LDAP Servers area and enter the appropriate connection and search mappings
for your LDAP world.

Once the JSS has been pointed to a server for external authentication then
you'll be able to assign permissions to users from LDAP and those users will
be able to log in to the JSS or whatever you decide.



William M. Smith, Technical Analyst
Merrill Communications, LLC
(651) 632-1492

Contributor II

This is what I had to do:
Backup /etc/pki/java/cacerts

cp /etc/pki/java/cacerts /etc/pki/java/cacerts.old

Import the EA Root CA certificate to the Java store (must be done from /etc/pki/java/)

cd /etc/pki/java
keytool -import -trustcacerts -alias $NameForCert -keystore cacerts -file /path/to/certificate/file.cer

Type in the keystore password... should be the default "changeit"
Trust this certificate? Answer: Yes
Restart Tomcat

service jamf.tomcat7 restart