How to configure LDAP with SSL in RemedySSO

Version 2

    This document contains official content from the BMC Software Knowledge Base. It is automatically updated when the knowledge article is modified.


    PRODUCT:

    Remedy Single Sign On


    COMPONENT:

    Remedy Single Sign On


    APPLIES TO:

    RSSO - 9.x.xx, 18.xx



    QUESTION:

    How to configure LDAP with SSL in RemedySSO?


    ANSWER:


    Obtain the certificate file from the LDAP team if LDAP is configured with SSL/TLS.

    Import this certificate into the Java keystore file of the RSSO server, <path-to-jre>\lib\security\cacerts, using the following command:

    keytool -importcert -v -keystore "<path-to-jre>\lib\security\cacerts" -file "<path-to-ldap-cert-file>" 

    It will ask for the keystore password; enter 'changeit' (without quotes).

    Note that this Java must be the one that is running the Tomcat service for RSSO. To find which Java is serving RSSO Tomcat, run tomcat7w.exe / tomcat8w.exe (under the tomcat\bin directory) and go to the Java tab; it will show you the path.

    If you are running RSSO on Linux, run the command below:

    ps -ef | grep tomcat

    This will show you the Tomcat process and the path of the JRE it is using.

    After the certificate is imported, you need to specify the java truststore parameters in RSSO Tomcat startup parameters as follows:

    If you are using Windows, run the same tomcat7w.exe / tomcat8w.exe, depending on the Tomcat version you are using. Under the Java tab, set the Java parameters below:

    -Djavax.net.ssl.trustStore=<path to jre cacerts> 
    -Djavax.net.ssl.trustStorePassword=changeit 

    If you are using Linux, go to the Tomcat startup sh file (under tomcat/bin) and add the above parameters as

    export JAVA_OPTS="$JAVA_OPTS -Djavax.net.ssl.trustStore=<path to jre_keystore> -Djavax.net.ssl.trustStorePassword=changeit"

    Save the file.

    A restart of Tomcat is needed.

    Test the LDAP connection using the RSSO admin console.
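
    The note above says the certificate must be imported into the Java that actually runs RSSO's Tomcat. The script below is an added example, not BMC code: on Linux it reads the truststore path from the running Tomcat's command line and uses keytool to check that the LDAP certificate's SHA-256 fingerprint is in that truststore. The function names and the script's argument order are assumptions, and truststore paths containing spaces are not handled.

```shell
#!/bin/sh
# Added example (not BMC code). Function names and argument order are assumptions.
# Limitation: trustStore paths containing spaces are not handled.

# Read a java command line (e.g. from `ps -ef`) on stdin and print the value
# of -Djavax.net.ssl.trustStore, i.e. the truststore that JVM will use.
truststore_from_cmdline() {
    tr ' ' '\n' | sed -n 's/^-Djavax\.net\.ssl\.trustStore=//p' | head -n 1
}

# Read verbose keytool output on stdin and print each SHA-256 fingerprint,
# upper-cased, one per line.
sha256_fingerprints() {
    sed -n 's/^[[:space:]]*SHA256:[[:space:]]*\([0-9A-Fa-f:]*\).*$/\1/p' |
        tr 'a-f' 'A-F'
}

# cert_in_truststore <cert-file> <truststore> <password>
# 0 = certificate is in the truststore, 1 = not found, 2 = unreadable cert.
cert_in_truststore() {
    cert_fp=$(keytool -printcert -file "$1" | sha256_fingerprints | head -n 1)
    [ -n "$cert_fp" ] || return 2
    keytool -list -v -keystore "$2" -storepass "$3" |
        sha256_fingerprints | grep -qx "$cert_fp"
}

# Usage: sh check_truststore.sh <path-to-ldap-cert-file> [truststore-password]
if [ "$#" -ge 1 ]; then
    store=$(ps -ef | grep '[t]omcat' | truststore_from_cmdline)
    if [ -z "$store" ]; then
        echo "Running Tomcat has no -Djavax.net.ssl.trustStore parameter" >&2
        exit 1
    fi
    if cert_in_truststore "$1" "$store" "${2:-changeit}"; then
        echo "OK: $1 is trusted in $store"
    else
        echo "NOT FOUND: $1 is not in $store" >&2
        exit 1
    fi
fi
```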


    Article Number:

    000291398


    Article Type:

    FAQ/Procedural


