Configuring an SSL connection to an LDAP server

You can configure secure communications between each Jazz™ for Service Management application server and the LDAP server by using SSL.

Before you begin

Ensure that you already have a connection to an LDAP server set up.

Your LDAP server must be configured to accept SSL connections and be running on the secured port number (636). Refer to your LDAP server documentation if you need to create a signer certificate. As part of this task, the signer certificate must be imported from your LDAP server into the trust store of the Jazz for Service Management application server.

About this task

All Jazz for Service Management application servers must be configured for the LDAP server.

Procedure

  1. Follow these steps to import your LDAP server's signer certificate into the Jazz for Service Management application server trust store.
    1. Start the WebSphere administrative console; for example, select Start > IBM WebSphere > IBM® WebSphere® Application Server > Profiles > JazzSMProfile > Administrative console.
    2. Enter the WebSphere administrator user ID and password, and click Log in.
    3. Click Security > SSL certificate and key management.
    4. In the Related Items area, click the Key stores and certificates link and in the table click the NodeDefaultTrustStore link.
    5. In the Additional Properties area, click the Signer certificates link and click the Retrieve from port button.
    6. In the relevant fields, provide the host name, port (normally 636 for SSL connections), SSL configuration details, and the alias of the certificate for your LDAP server. Click the Retrieve signer information button, and then click OK.
  2. Follow these steps to enable SSL communications to your LDAP server:
    1. Click Security > Secure administration, applications, and infrastructure.
    2. Select Federated repositories from the Available realm definitions drop-down list and click Configure.
    3. Select your LDAP server from the Repository drop-down list.
    4. Enable the Require SSL communications check box and select the Centrally managed option.
    5. Click OK.
  3. Restart each Jazz for Service Management application server. See Restarting Jazz for Service Management application servers.
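
Retrieving a certificate from a port trusts whatever answers on that port at that moment, so it is worth confirming the certificate against a fingerprint obtained from your LDAP administrator over a separate channel. The following Python script is an added example, not part of the product documentation: it fetches the certificate that the LDAP server itself presents on port 636 and compares its fingerprint with the expected value. The host name `ldap.example.com`, the `EXPECTED` value, and the function names are placeholders chosen for illustration.

```python
import hashlib
import hmac
import socket
import ssl


def fetch_presented_cert(host, port=636, timeout=10):
    """Return, as PEM, the certificate the server presents on host:port.

    Validation is deliberately off: this is inspection before any trust
    exists, so the result must be checked with matches_expected().
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return ssl.DER_cert_to_PEM_cert(tls.getpeercert(binary_form=True))


def fingerprint(pem, algorithm="sha256"):
    """Colon-separated upper-case hex digest of the certificate's DER bytes."""
    der = ssl.PEM_cert_to_DER_cert(pem)
    digest = hashlib.new(algorithm, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize(fp):
    """Strip separators and case so differently formatted values compare."""
    return fp.replace(":", "").replace(" ", "").upper()


def matches_expected(pem, expected_fp, algorithm="sha256"):
    """True only if the certificate hashes to the out-of-band fingerprint."""
    actual = normalize(fingerprint(pem, algorithm))
    return hmac.compare_digest(actual, normalize(expected_fp))


if __name__ == "__main__":
    HOST = "ldap.example.com"      # placeholder host name (assumption)
    EXPECTED = "00" * 32           # placeholder; use the administrator's value
    pem = fetch_presented_cert(HOST)
    print("SHA-256:", fingerprint(pem))
    print("SHA-1:  ", fingerprint(pem, "sha1"))
    print("match" if matches_expected(pem, EXPECTED) else "MISMATCH: do not import")
```

If the LDAP server's certificate was issued by a separate certificate authority, the signer certificate has a different fingerprint from the server certificate checked here, so obtain and compare the signer's fingerprint as well.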

What to do next

If you intend to enable single sign-on (SSO) so that users can log in once and then traverse to other applications without having to re-authenticate, configure SSO.