Import CA certificate to a LifeCycle Manager keystore

The CA certificate must be imported before LDAPS can be enabled for communication between OpenLDAP and the LifeCycle Manager Server.

  1. Verify that the folder for the keystore exists.
  2. Create the keystore and import the CA certificate. For example, use the following command:

    # <path to jdk>/bin/keytool -import -file /etc/lcm-ldap/certs/cacrt.pem -keystore /u01/app/LCM-Server/JSSE/ldaps -storepass ChangeMe123 -storetype jks

    You must replace ChangeMe123 with your own keystore password.

    Note: The trust store password cannot end with @.

  3. Edit the following parameters in the lcm.properties file. The passwords for the bind user and the trust store are encrypted the next time the LifeCycle Manager Server is restarted.

    # LDAP configurations
    ldap.validation=true
    ldap.server.0=127.0.0.1
    ldap.port.0=636
    ldap.bind.user.0=cn=binduser,ou=lcm,dc=lcmadam,dc=net
    ldap.bind.password.0=##01WQ8/QAEA0iSnuVPKMIpkRQ==
    ldap.ssl.enabled.0=true
    ldap.trust.store=/u01/app/LCM-Server/JSSE/ldaps
    ldap.trust.store.password=ChangeMe123
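
The result of the three steps can be checked before the server is restarted. The script below is an added example, not part of the product or its documentation; the function names `prop` and `check_lcm_ldaps` are hypothetical, the world-readable check is an extra hardening check, and treating a leading `##` as "already encrypted" is an assumption based on the sample bind password above.

```shell
#!/bin/sh
# Added example: sanity-check lcm.properties after the keystore steps above.

# Print the value of KEY from a properties file; the last definition wins.
prop() {  # usage: prop FILE KEY
    awk -v k="$2=" 'index($0, k) == 1 { v = substr($0, length(k) + 1) } END { print v }' "$1"
}

# Print one line per problem found and return the number of problems.
check_lcm_ldaps() {  # usage: check_lcm_ldaps PROPERTIES_FILE
    props=$1
    n=0
    store=$(prop "$props" ldap.trust.store)
    pass=$(prop "$props" ldap.trust.store.password)

    if [ "$(prop "$props" ldap.ssl.enabled.0)" != "true" ]; then
        echo "ldap.ssl.enabled.0 is not true"; n=$((n + 1))
    fi
    if [ -z "$store" ] || [ ! -d "$(dirname "$store")" ]; then
        echo "keystore folder does not exist"; n=$((n + 1))
    elif [ ! -f "$store" ]; then
        echo "keystore file $store has not been created"; n=$((n + 1))
    fi
    case $pass in
        '##'*) ;;  # assumption: a leading ## marks a value the server already encrypted
        '')    echo "ldap.trust.store.password is empty"; n=$((n + 1)) ;;
        *@)    echo "trust store password ends with @"; n=$((n + 1)) ;;
        ChangeMe123) echo "trust store password is still the documented sample"; n=$((n + 1)) ;;
    esac
    # Until the next restart the passwords are plaintext: the file should not be world-readable.
    if [ -n "$(find "$props" -prune -perm -004)" ]; then
        echo "$props is world-readable"; n=$((n + 1))
    fi
    return "$n"
}

# Constructed sample input: a throwaway directory with a hypothetical properties file.
demo=$(mktemp -d)
mkdir "$demo/JSSE" && : > "$demo/JSSE/ldaps"
cat > "$demo/lcm.properties" <<EOF
ldap.ssl.enabled.0=true
ldap.trust.store=$demo/JSSE/ldaps
ldap.trust.store.password=ChangeMe123
EOF
chmod 644 "$demo/lcm.properties"
check_lcm_ldaps "$demo/lcm.properties" || echo "problems found: $?"
```

The constructed sample reports two problems: the sample password is still in place and the properties file is world-readable.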