Configuring the Certificate for TLS Over LDAP

If LDAP traffic between UNIFYBroker (acting as the LDAP server) and the connected identity management system (acting as the LDAP client) crosses an untrusted network, it is recommended that both ends be configured so the traffic is encrypted with Transport Layer Security (TLS). Without TLS, LDAP simple binds send credentials in clear text and directory contents can be read or altered in transit. TLS requires a server certificate with a private key. See the appropriate section below for instructions on how to configure an existing certificate or generate a new one.

See LDAP Security for more information on this topic.

Configuring a Certificate in UNIFYBroker

On the Settings page, click the Edit button under the Certificate Management section.

Select the Store Name and Store Location, then add as many Certificate Attributes as are needed to identify the certificate uniquely within that store (one attribute, such as the thumbprint, is usually enough; a subject name alone may match several certificates once the certificate has been renewed).

Click Save. If no warning messages are displayed, UNIFYBroker is configured for use with the certificate.

WARNING: The certificate must have a private key, and that private key must be readable by the account the UNIFYBroker service runs under. A certificate in an administrator's Current User store is not visible to a service running as a different account; in that case install it in the Local Computer store and select that Store Location above.
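Once the certificate is saved, the check a practitioner wants is that UNIFYBroker actually presents it on the TLS listener. The following PowerShell function is an added example and is not part of the UNIFYBroker product or documentation. It opens a TCP connection to the LDAPS port (636 is the conventional LDAPS port; the port UNIFYBroker listens on is an assumption to adjust), performs a TLS handshake and reports the served certificate, the negotiated protocol and any chain validation errors. A successful handshake also confirms the private key is usable, because the server cannot complete the exchange without it.

```powershell
function Test-LdapsCertificate {
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        # Assumption: the LDAPS (implicit TLS) port configured for UNIFYBroker.
        [int]$Port = 636,
        # Optional: thumbprint of the certificate chosen in Certificate Management,
        # so the result shows whether the listener serves that certificate.
        [string]$ExpectedThumbprint
    )

    # Record the chain result instead of letting validation abort the handshake;
    # the decision is reported to the caller rather than made here.
    $script:ldapsChainErrors = $null
    $callback = [System.Net.Security.RemoteCertificateValidationCallback]{
        param($sender, $certificate, $chain, $sslPolicyErrors)
        $script:ldapsChainErrors = $sslPolicyErrors
        return $true
    }

    $tcp = New-Object System.Net.Sockets.TcpClient($ComputerName, $Port)
    try {
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
        # The name passed here is what the client would expect to find in the
        # certificate subject or SAN, so a hostname mismatch shows up in ChainErrors.
        $ssl.AuthenticateAsClient($ComputerName)

        $served = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        [pscustomobject]@{
            Subject         = $served.Subject
            Thumbprint      = $served.Thumbprint
            NotAfter        = $served.NotAfter
            Protocol        = $ssl.SslProtocol
            # 'None' means the client trusts the chain; 'RemoteCertificateChainErrors'
            # is what a self-signed certificate produces until the client trusts it.
            ChainErrors     = $script:ldapsChainErrors
            MatchesExpected = (-not $ExpectedThumbprint) -or ($served.Thumbprint -eq $ExpectedThumbprint)
        }
    }
    finally {
        $tcp.Close()
    }
}

# Usage (hostname is a placeholder):
# Test-LdapsCertificate -ComputerName broker.example.local -ExpectedThumbprint 'ABCDEF...'
```

This probe applies to a listener that starts TLS immediately on connect. If the deployment uses the StartTLS extended operation on the plain LDAP port instead, the handshake only happens after the client sends that request, and a direct TLS handshake against that port will fail even when TLS is configured correctly.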

Generating a Certificate

If a certificate is not already available from another source (for example an internal certificate authority), a self-signed certificate can be generated with makecert from the Microsoft Windows Software Development Kit (also available from the Visual Studio Command Prompt). Note that makecert is deprecated on current Windows releases in favour of the New-SelfSignedCertificate PowerShell cmdlet, and that a self-signed certificate must be imported into the LDAP client's trusted root store; otherwise the client will either reject the connection or have to be configured to skip certificate validation, which defeats the purpose of TLS.

makecert -r -pe -n CN="Unify.IdentityBroker" -b 01/01/2015 -e 01/01/2016 -eku 1.3.6.1.5.5.7.3.1 -ss my -sr currentuser -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12

The -eku option requires the Server Authentication object identifier (1.3.6.1.5.5.7.3.1) as its argument; without it the command is invalid. -r makes the certificate self-signed, -pe marks the private key exportable, -sky exchange creates a key-exchange key, -b and -e set the validity period and should be adjusted to the current date, and -ss my -sr currentuser place the certificate in the current user's Personal store. If the UNIFYBroker service runs under a different account, use -sr localmachine instead so the certificate is visible in the Local Computer store selected in Certificate Management.
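As an added example that is not part of the UNIFYBroker documentation, the following PowerShell script produces the equivalent certificate with New-SelfSignedCertificate, the supported replacement for makecert, and then performs the checks a practitioner wants before pointing UNIFYBroker at it: that the stored certificate has a private key, and that only the public certificate is exported for the LDAP client to trust. The subject name is the one used above; the DNS name, store and validity period are assumptions to adapt to the deployment.

```powershell
# Added example, not the product's own script. Requires the PKI module
# (Windows 10 / Windows Server 2016 and later) and an elevated session for
# the Local Computer store.
$subject  = 'Unify.IdentityBroker'
# Assumption: the DNS name the LDAP client uses to reach UNIFYBroker. Clients
# validate this name against the certificate, so it must match exactly.
$hostName = 'broker.example.local'

$cert = New-SelfSignedCertificate `
    -Subject "CN=$subject" `
    -DnsName $hostName `
    -CertStoreLocation 'Cert:\LocalMachine\My' `
    -KeyAlgorithm RSA -KeyLength 2048 -HashAlgorithm SHA256 `
    -KeySpec KeyExchange `
    -KeyExportPolicy Exportable `
    -Provider 'Microsoft RSA SChannel Cryptographic Provider' `
    -TextExtension @('2.5.29.37={text}1.3.6.1.5.5.7.3.1') `  # Server Authentication EKU
    -NotAfter (Get-Date).AddYears(1)

# The certificate selected in Certificate Management must carry a private key,
# so read it back from the store and confirm before configuring UNIFYBroker.
$stored = Get-ChildItem -Path "Cert:\LocalMachine\My\$($cert.Thumbprint)"
if (-not $stored.HasPrivateKey) {
    throw "Certificate $($cert.Thumbprint) was created without a private key"
}

# The thumbprint uniquely identifies the certificate within the store and is a
# convenient value to use as a Certificate Attribute.
"Thumbprint: $($stored.Thumbprint)"
"Subject:    $($stored.Subject)"
"Expires:    $($stored.NotAfter)"

# Export the public certificate only (no private key) so the LDAP client can
# add it to its trusted root store. The private key never leaves this host.
$exportPath = Join-Path $env:TEMP "$subject.cer"
Export-Certificate -Cert $stored -FilePath $exportPath | Out-Null
"Public certificate exported to $exportPath"
```

Because the result is self-signed, import the exported .cer on the identity management system as a trusted root; do not disable certificate validation on the client to work around the untrusted chain.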
