Installing an LDAP SSL Certificate

Civic Platform supports access, by way of LDAP protocols, to external users in Microsoft Active Directory and Novell eDirectory.

Before You Begin

  • You must add the trusted certificate for the secure LDAP server to the trusted cacert file on av.biz. You must configure your ServerConfig.properties file to point to this location.

  • The certificate name is ldapCA.cer and it resides in the av.biz conf directory.

  • The certificate alias must include your agency name, as in this example:
    myagencyid_ldapca_cert

  • The Java certificate store is as follows:
    %AA_AS_HOME%\conf\trusted_cacerts

To install an LDAP SSL certificate

  1. Go to a command prompt and enter:

    Cd <drive:>\Accela\av.home
    Setenv.av.biz
    Cd %AA_AS_HOME%\conf
    keytool -import -alias myagencyid_ldapca_cert -file "ldapCA.cer" -keystore "%AA_AS_HOME%\conf\trusted_cacerts" -storepass "changeit"
  2. The default biz.server.properties file contains this additional information:

    #HTTPS and LDAPS require the SSL Certificates to reside in a trusted certificates store.

    av.ssl.trustStore=${jboss.server.home.dir}\\conf\\certs\\trusted_cacerts
    av.ssl.trustStorePassword=changeit
  3. Restart all services.
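
A guarded version of step 1, as an added example that is not part of the product documentation: it displays the certificate's fingerprints so they can be compared with the value obtained from the directory administrator, refuses to reuse an existing alias, backs up the trust store, imports the certificate, and lists the new entry. It assumes Setenv.av.biz has already been run in the same command prompt so that AA_AS_HOME is set; the .bak file name and the script's variable names are illustrative.

```bat
@echo off
rem Added example: verify, back up, import, confirm.
rem Assumes AA_AS_HOME is already set (Setenv.av.biz was run in this prompt)
rem and that ldapCA.cer is in the conf directory, as the page describes.
setlocal
set "STORE=%AA_AS_HOME%\conf\trusted_cacerts"
set "CERT=%AA_AS_HOME%\conf\ldapCA.cer"
set "ALIAS=myagencyid_ldapca_cert"
rem Store password as used on this page.
set "PASS=changeit"

if not exist "%CERT%" (echo Certificate file ldapCA.cer not found. & exit /b 1)
if not exist "%STORE%" (echo Trust store trusted_cacerts not found. & exit /b 1)

rem 1. Show subject, issuer, validity dates and fingerprints before trusting it.
keytool -printcert -file "%CERT%"
if errorlevel 1 (echo ldapCA.cer is not a readable certificate. & exit /b 1)
set "OK="
set /p OK=Do the fingerprints match the value from the directory administrator? [y/N] 
if /i not "%OK%"=="y" (echo Aborted, nothing was imported. & exit /b 1)

rem 2. keytool -list exits with 0 only when the alias is already present.
keytool -list -alias "%ALIAS%" -keystore "%STORE%" -storepass "%PASS%" >nul 2>&1
if not errorlevel 1 (echo Alias %ALIAS% already exists, not overwriting. & exit /b 1)

rem 3. Keep a copy of the store so a failed import can be rolled back.
copy /y "%STORE%" "%STORE%.bak" >nul
if errorlevel 1 (echo Could not back up the trust store. & exit /b 1)

rem 4. Import. -noprompt is acceptable here because step 1 was the review.
keytool -import -noprompt -alias "%ALIAS%" -file "%CERT%" -keystore "%STORE%" -storepass "%PASS%"
if errorlevel 1 (
    copy /y "%STORE%.bak" "%STORE%" >nul
    echo Import failed, trust store restored from backup.
    exit /b 1
)

rem 5. Confirm the entry is present and is a trustedCertEntry.
keytool -list -v -alias "%ALIAS%" -keystore "%STORE%" -storepass "%PASS%"
endlocal
```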