Follow this solution to configure your DocuShare Server to communicate with LDAP over SSL (LDAPS).
If the site requires Secure Socket Layer (SSL), you must import a certificate to the TrustStore file in DocuShare.
For DS 6.5.3, DS 6.6.1 and DS 7.0 only, place it into the DSTrustStore:
To place the certificate .cer file into the DSTrustStore file:
- Copy the .cer file to the DocuShare directory containing the DSTrustStore file jdk\jre\lib\security.
-
Open a command prompt window and navigate to the directory containing dstruststore.
C:\CD\Xerox\Docushare\jdk\jre\lib\security
C:\Xerox\DocuShare\jdk\jre\lib\security\dir
Volume in drive C is Local Disk
Volume in Serial Number is 508B-0D2F
Directory of C:\Xerox\DocuShare\jdk\jre\lib\security
18-11-02 15:55-
18-11-02 15:55--
02-10-02 12:25 7,365 cacerts
02-10-02 12:26 589 dstruststore
02-10-02 12:26 2,271 java.policy
02-10-02 12:26 4,115 java.security
10-11-02 15:43 844 SLL_Cert4LDAP.cer
5 Files(s) 15,184 bytes
2 Dir(s) 1,486,024,704 bytes free
C:\Xerox\DocuShare\jdk\jre\lib\security -
At the command prompt, enter the set PATH command to set the PATH environment
variable. Use set PATH=%PATH%;\jdk\jre\bin.
C:\Xerox\Docushare\jdk\jre\lib\securityset PATH=%PATH%;C:\Xerox\DocuShare\jdk\jre\bin - After you have set the PATH variable, at the command prompt, enter keytool, without arguments.
- The Keytool Utility help appears. The Keytool Utility places the SSL certificate in the DSTrustStore.
-
At the command prompt, enter the keytool utility command keytool -import -alias -file -keystore dstruststore
Replace with a unique name for the certificate file.
Replace with the name of the certificate file (.cer) that you exported and copied to the directory containing the dstruststore file.Press Enter to start the command. A request for a password appears.
-
Enter password and press Enter.
C:\Xerox\Docushare\jdk\jre\lib\securitykeytool -import -alias TestLDAPss1 -file SLL_Cert4LDAP.cer -keystore dstruststore
Enter keystore password: password
Owner: OU=EFS File Encryption Certificate, L=EFS,CN=Administrator
Issuer: OU=EFS File Encryption Certificate, L=EFS, CN=Administrator
Serial number: 5ee8abd44c2cd2b14ffbee159f03d354
Valid from: Tue Feb 19 10:57:21 PST 2012 until: Thu Jan 26 10:57:21 PST 2102
Certificate fingerprints:
MD5: 78:C7:A3:04:32:69:EB:97:76:FE:F4:8A:11:A2:65:26
SHA1: 02:DD:9A:BE:BE:DE:3C:AA:22:AE:14:9A:F2:F2:5B:11:61:6D:5A:5F
Trust this certificate? [no]: yes
Certificate was added to keystore
C:\Xerox\DocuShare\jdk\jre\lib\security
- 8 Examine the screen output to ensure that Keytool successfully added the certificate to the keystore. If Keytool completed the operation, your DocuShare server is now ready to use the certificate for SSL.
- 9 Once you have finished importing the certificate, reboot your DocuShare server.
- 10 Once the certificate has been successfully added to the DSTrustStore for DocuShare, you will need to verify that the correct port is configured for LDAP and the SSL checkbox selected in your Admin Home | LDAP Configuration on DocuShare.
For DS 7.5 and higher versions, place it into the cacerts:
How to add a certificate to cacerts
https://help.docushare.com/hc/en-us/articles/21443391319963-How-to-add-a-certificate-to-cacerts