Enabling SSL on an LDAP Connection

You can enable the use of SSL on an LDAP connection (LDAPS).

Procedure

  1. Create a keystore that contains the certificate needed to access the LDAP server when using SSL.
  2. Using TIBCO ActiveMatrix Administrator, create a resource template of type Keystore Provider with the following properties:
    • Location of keystore: Identifies the keystore you created above. You can either upload the keystore so that it is served from the TIBCO ActiveMatrix Administrator interface, or enter the external location of the keystore, either as a URL or as a pathname to a file.
      Note: If you specify a pathname, it must be to a file that exists locally on the TIBCO ActiveMatrix BPM runtime.
    • Password: Enter the password needed to access the keystore.
    • Type: Select JKS (for Java Keystore).
    • Provider: Clear this field and leave it blank.
  3. Create and install a resource instance from the Keystore Provider resource template that you just created.
  4. Create a resource template of type SSL Client Provider with the following properties:
    • Keystore Provider as Trust Store: Enter the name of the Keystore Provider resource instance that you created above.
    • Enable Access to Truststore: Select this checkbox. (It is selected by default.)
    • Enable Mutual Authentication: Clear this checkbox. (It is clear by default.)
  5. Create and install a resource instance from the SSL Client Provider resource template that you created above.

    Create the LDAP connection and authentication shared resources needed to access the LDAP directory. See Configuring a New LDAP Shared Resource for TIBCO ActiveMatrix BPM for detailed instructions on how to do this. (As part of this procedure, you will configure the LDAP Connection resource template to use the SSL Client Provider resource instance that you created above. See Configuring the LDAP Connection to use LDAP Over SSL (LDAPS).)
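
Step 1 can be carried out with the JDK's keytool. The following is an added example, not part of the original procedure or TIBCO's own code; the function names, the KS_PASS environment variable, the alias and the file names are assumptions. It imports a CA certificate obtained out of band into a new JKS trust store and prints the certificate's SHA-256 fingerprint so that it can be compared with a known-good value.

```shell
#!/usr/bin/env bash
# Added example (assumed names throughout): build the JKS trust store for
# step 1. Export KS_PASS (6+ characters) before calling, so the password
# never appears on a command line or in the process list.

# build_ldap_truststore <ca-cert.pem> <truststore.jks> <alias>
build_ldap_truststore() {
    ca_pem=$1; store=$2; alias_name=$3

    [ -r "$ca_pem" ] || { echo "cannot read certificate: $ca_pem" >&2; return 2; }
    [ -n "${KS_PASS:-}" ] || { echo "KS_PASS is not set" >&2; return 2; }
    # Refuse to overwrite: an existing store may hold other trust anchors.
    [ ! -e "$store" ] || { echo "refusing to overwrite $store" >&2; return 2; }

    # Print the fingerprint for comparison with the value published by the
    # team that runs the CA, before the certificate becomes a trust anchor.
    keytool -printcert -file "$ca_pem" | grep 'SHA256:' >&2 || return 3

    # -storetype JKS matches "Type: JKS" in the Keystore Provider template
    # (recent JDKs create PKCS12 by default).
    keytool -importcert -noprompt -trustcacerts \
        -alias "$alias_name" -file "$ca_pem" \
        -keystore "$store" -storetype JKS -storepass:env KS_PASS >&2 || return 4

    # The store only holds public certificates, but limit who can modify it.
    chmod 600 "$store"
}

# truststore_has_alias <truststore.jks> <alias>
# Succeeds only if the alias exists and is a trusted certificate entry.
truststore_has_alias() {
    keytool -list -keystore "$1" -storetype JKS -storepass:env KS_PASS \
        -alias "$2" 2>/dev/null | grep -q 'trustedCertEntry'
}
```

The password exported as KS_PASS is the value entered in the Password property of the Keystore Provider resource template.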