Configuring LDAPS

If you are using an SSL connection, you can configure Spotfire Statistics Services to use LDAPS.

Procedure

Obtain the LDAP server’s CA certificate. For example, if you were using a Windows Server 2008 domain controller that is also acting as the CA, you can obtain the root certificate by issuing the following command at the Command Prompt.
```
certutil -ca.cert ca.cer
```
On the Spotfire Statistics Services server, import the certificate. For example, using the example above with the ca.cer file, you would issue the following commands from the SPSERVER_HOME\jre\bin directory, at the server’s Command Prompt:
```
keytool -import -alias dc -keystore C:\(keystore_dir)\keystore.jks -file C:\(path_to)\ca.cer -trustcacerts
keytool -import -alias dc -keystore C:\(keystore_dir)\cacerts.jks -file C:\(path_to)\ca.cer -trustcacerts
```
where (keystore_dir) is the path where you want to import and register the trusted certificate and (path_to) is the directory where you have copied ca.cer.
These two commands generate the files keystore.jks and cacerts.jks. When you issue the commands, specify passwords for the files. Make a note of the passwords you use, because you need them in the next step.
For the Apache Tomcat JVM, set the Java options pointing to the keystore and truststore files created in the previous step.
On Windows, do this by opening SPSERVER_HOME\tomcat\bin\<service_name>w.exe, selecting the Java tab, and then adding the following properties under Java Options.
```
-Djavax.net.ssl.keyStore=C:\some\directory\keystore.jks
-Djavax.net.ssl.keyStorePassword=somesecret
-Djavax.net.ssl.trustStore=C:\(keystore_dir)\cacerts.jks
-Djavax.net.ssl.trustStorePassword=somesecret
```
On UNIX/Linux, add these properties to the appropriate location in the startup script.
Modify SPSERVER_HOME/conf/ldap.properties, to change the following properties.
```
ldap.protocol=ldaps
ldap.port=636
```
Restart the Spotfire Statistics Services service.