Configuring LDAPS

If you are using an SSL connection, you can configure Spotfire Statistics Services to use LDAPS.

Procedure

  1. Obtain the LDAP server’s CA certificate. For example, if you are using a Windows Server 2008 domain controller that is also acting as the CA, you can obtain the root certificate by issuing the following command at the Command Prompt.
    certutil -ca.cert ca.cer
  2. On the Spotfire Statistics Services server, import the certificate. Continuing the example above with the ca.cer file, issue the following commands from the SPSERVER_HOME\jre\bin directory, at the server’s Command Prompt:
    keytool -import -alias dc -keystore C:\(keystore_dir)\keystore.jks -file C:\(path_to)\ca.cer -trustcacerts
    keytool -import -alias dc -keystore C:\(keystore_dir)\cacerts.jks -file C:\(path_to)\ca.cer -trustcacerts
    where (keystore_dir) is the path where you want to import and register the trusted certificate and (path_to) is the directory where you have copied ca.cer.

    These two commands generate the files keystore.jks and cacerts.jks. When you issue the commands, specify passwords for the files. Make a note of the passwords you use, because you will need them in the next step.

  3. For the Apache Tomcat JVM, set the Java options pointing to the keystore and truststore files created in the previous step.

    On Windows, do this by opening SPSERVER_HOME\tomcat\bin\<service_name>w.exe, selecting the Java tab, and then adding the following properties under Java Options.

    -Djavax.net.ssl.keyStore=C:\some\directory\keystore.jks
    -Djavax.net.ssl.keyStorePassword=somesecret
    -Djavax.net.ssl.trustStore=C:\(keystore_dir)\cacerts.jks
    -Djavax.net.ssl.trustStorePassword=somesecret

    On UNIX/Linux, add these properties to the appropriate location in the startup script.

  4. In SPSERVER_HOME/conf/ldap.properties, set the following properties.
    ldap.protocol=ldaps
    ldap.port=636
  5. Restart the Spotfire Statistics Services service.
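
The following check is an added example, not part of the original procedure or of Spotfire Statistics Services: a small Java program that uses the trust store from step 3 to attempt a TLS handshake with the LDAP server on the LDAPS port. The class name LdapsTrustCheck and the host argument are assumptions, the host-name check is stricter than anything the procedure itself requires, and the program needs Java 7 or later.

```java
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

// Added example (hypothetical class name): checks that the JVM trust store
// configured in step 3 validates the LDAP server's certificate over LDAPS.
public class LdapsTrustCheck {
    public static void main(String[] args) throws Exception {
        if (args.length < 1) {
            System.err.println("usage: java LdapsTrustCheck <ldap-host> [port]");
            System.exit(2);
        }
        String host = args[0];
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 636; // ldap.port from step 4

        // Report which trust store is in effect; null means the JRE default cacerts.
        System.out.println("trustStore = " + System.getProperty("javax.net.ssl.trustStore"));

        // The default factory honours -Djavax.net.ssl.trustStore / trustStorePassword.
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        try (SSLSocket socket = (SSLSocket) factory.createSocket(host, port)) {
            // Also require the certificate to match the host name (LDAPS rules).
            SSLParameters params = socket.getSSLParameters();
            params.setEndpointIdentificationAlgorithm("LDAPS");
            socket.setSSLParameters(params);

            socket.startHandshake(); // throws SSLHandshakeException if the chain is untrusted

            System.out.println("Handshake OK: " + socket.getSession().getProtocol()
                    + " / " + socket.getSession().getCipherSuite());
            for (Certificate c : socket.getSession().getPeerCertificates()) {
                X509Certificate x = (X509Certificate) c;
                System.out.println("  subject = " + x.getSubjectX500Principal().getName());
                System.out.println("  issuer  = " + x.getIssuerX500Principal().getName());
                System.out.println("  expires = " + x.getNotAfter());
            }
        } catch (SSLException e) {
            System.err.println("TLS failure: " + e.getMessage());
            System.exit(1);
        }
    }
}
```

Run it with the same -Djavax.net.ssl.trustStore and -Djavax.net.ssl.trustStorePassword options as in step 3. A "PKIX path building failed" error means the CA certificate that signed the server's certificate is not in that trust store.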