Truststore management
When LDAPS or StartTLS is used, the LDAP Session Provider needs to trust the certificates of the LDAP server. Therefore, the LDAP Session Provider has its own truststore which can be maintained either automatically or manually.
Automatic management
The LDAP Session Provider can create or update the truststore it uses for LDAP server certificates each time it starts. If this auto-update functionality is enabled, no confirmation of certificate imports is displayed: any new certificate found on the LDAP server(s) is imported into the LDAP Session Provider truststore.
You can turn off the automatic update functionality after the initial setup by changing the "Update LDAP certificates during startup" property for the LDAP Session Provider.
Manual management
The truststore must be created and maintained manually if auto-update is not enabled and any LDAP configuration uses LDAPS or StartTLS. The truststore file is called permanent.jks and must be placed in the secure folder of the LDAP Session Provider install folder (<Grid root folder>/applications/LdapSessionProvider/secure).
The default password for the truststore is "changeit", without the quotation marks. The truststore password is maintained in a file called permanent.pw in the same folder as the truststore file.
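One way to carry out the manual import, as an added example that is not part of the product documentation: the certificate is imported into permanent.jks only after its SHA-256 fingerprint matches a value obtained separately from the LDAP server administrator. Assumptions: keytool (JDK) and openssl are on PATH, the truststore is of type JKS (inferred from the file extension), and the function names, alias and STOREPASS variable are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: manual maintenance of the LDAP Session Provider truststore.
# Assumptions: keytool and openssl are installed; the LDAP server certificate
# was exported to a PEM file; the store type is JKS (from the .jks extension).

# Print the SHA-256 fingerprint of a PEM certificate as upper-case hex, no colons.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 |
        sed -e 's/^.*=//' -e 's/://g' | tr 'a-f' 'A-F'
}

# import_ldap_cert <cert.pem> <expected-fingerprint> <truststore.jks> <alias>
# Imports the certificate only if its fingerprint matches the expected value.
# The store password is taken from STOREPASS (default: the documented "changeit").
import_ldap_cert() {
    local pem="$1" expected="$2" store="$3" alias="$4" actual
    actual=$(cert_fingerprint "$pem")
    # Normalise the expected value the same way (strip colons, upper-case).
    expected=$(printf '%s' "$expected" | sed 's/://g' | tr 'a-f' 'A-F')
    # An unreadable certificate yields an empty fingerprint and is rejected too.
    if [ -z "$actual" ] || [ "$actual" != "$expected" ]; then
        echo "refusing import of $pem: fingerprint '$actual' does not match" >&2
        return 1
    fi
    # -noprompt is acceptable here because the fingerprint was checked above.
    # -storepass:env keeps the password out of the process argument list.
    STOREPASS="${STOREPASS:-changeit}" keytool -importcert -noprompt \
        -storetype JKS -keystore "$store" -storepass:env STOREPASS \
        -alias "$alias" -file "$pem"
}

# Example call (replace the placeholders with real values):
#   import_ldap_cert ldap1.pem "<fingerprint from the LDAP administrator>" \
#       "<Grid root folder>/applications/LdapSessionProvider/secure/permanent.jks" ldap1
```

If the truststore password is changed from the default, set STOREPASS accordingly and keep permanent.pw in step with it.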