
To enable SSL/TLS security on the connection to the Apache Directory Server:

  1. Obtain a copy of the server's self-signed certificate.

    1. Using a Web browser, navigate to the following URL:


      Remember to specify the scheme as https, not just http.

      The Web browser now signals an error, because the certificate it receives from the server is untrusted. In the case of Firefox, you will see the following error in the browser window:

    2. Click I Understand the Risks.

    3. Click Add Exception.

      The Add Security Exception dialog opens.

    4. In the Add Security Exception dialog, click Get Certificate.

    5. Click View.

      The Certificate Viewer dialog opens.

    6. In the Certificate Viewer dialog, select the Details tab.

    7. Click Export.

      The Save Certificate To File dialog opens.

    8. In the Save Certificate To File dialog, use the drop-down list to set the Save as type to X.509 Certificate (DER).

    9. Save the certificate, ApacheDS.der, to a convenient location on the filesystem.

  2. Convert the DER format certificate into a keystore.

    1. From a command prompt, change directory to the directory where you have stored the ApacheDS.der file.

    2. Enter the following keytool command:

      keytool -import -file ApacheDS.der -alias server -keystore truststore.ks -storepass secret

  3. Copy the newly created keystore file, truststore.ks, into the Fuse ESB etc/ directory.

  4. In a text editor, open the ldap-module.xml file you created in "Enable LDAP Authentication in the OSGi Container".

  5. Edit the connection.url to use ldaps://localhost:10636.

  6. Add the highlighted lines in Example 8.3.

  7. Copy the ldap-module.xml file into the Fuse ESB deploy/ directory.

    The LDAP module is automatically activated.

  8. Test the new LDAP realm by connecting to the running container using the Fuse ESB client utility.

    1. Open a new command prompt.

    2. Change directory to the Fuse ESB install directory.

    3. Enter the following command to log on to the running container instance using the identity jdoe:

      client -u jdoe -p secret

      You should successfully log into the container's remote console because jdoe does have the admin role.
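
The browser export in step 1 accepts whatever certificate the server presents, so before running keytool -import it is worth comparing the SHA-256 fingerprint of ApacheDS.der with a value read directly on the Apache Directory Server host. The following is an added example, not part of the original procedure or of Fuse ESB; the function names are hypothetical and the sample bytes are constructed, not a real certificate.

```python
import base64
import hashlib
import hmac
import re

PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def to_der(data: bytes) -> bytes:
    """Return the DER bytes of one certificate, accepting DER or PEM input."""
    m = PEM_RE.search(data)
    if m:  # the export was saved as PEM instead of "X.509 Certificate (DER)"
        data = base64.b64decode(b"".join(m.group(1).split()), validate=True)
    if len(data) < 2 or data[0] != 0x30:
        raise ValueError("not a DER SEQUENCE, so not an X.509 certificate")
    # Decode the outer length so truncated files or appended bytes are rejected.
    first = data[1]
    if first < 0x80:
        header, length = 2, first
    else:
        n = first & 0x7F
        if n == 0 or n > 4 or len(data) < 2 + n:
            raise ValueError("unsupported or truncated DER length")
        header, length = 2 + n, int.from_bytes(data[2:2 + n], "big")
    if header + length != len(data):
        raise ValueError("DER length does not match file size")
    return data


def sha256_fingerprint(data: bytes) -> str:
    """SHA-256 fingerprint in the colon-separated form keytool prints."""
    digest = hashlib.sha256(to_der(data)).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def matches_expected(data: bytes, expected: str) -> bool:
    """Compare with a fingerprint obtained out of band (case and separators ignored)."""
    want = re.sub(r"[^0-9A-Fa-f]", "", expected).upper()
    got = sha256_fingerprint(data).replace(":", "")
    return hmac.compare_digest(got, want)


# Constructed sample: a DER SEQUENCE header around filler bytes, not a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(256))
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER)
              + b"-----END CERTIFICATE-----\n")
```

In practice, pass the contents of ApacheDS.der to matches_expected() and import the file into truststore.ks only when it returns True.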
