
Create a keystore for SSL or TLS communications to LDAP

If you choose to use SSL or TLS security protocols for communications with your LDAP directory, you must have a security certificate. You must obtain a valid certificate from a Certificate Authority. That certificate must be saved to a specific directory on your FortiNAC appliance.

SSL or TLS protocols are selected on the Directory Configuration window when you set up the connection to your LDAP directory. See Add/modify directory - Connection tab for information on configuring the connection to your LDAP directory. Follow the steps below to import your certificate.

You should be logged in as root to follow this procedure.

  1. When you have received your certificate from the Certificate Authority, copy the file to the /bsc/campusMgr/ directory on your FortiNAC server.

  2. Use the keytool command to import the certificate into a keystore file.

    For example, if your certificate file is named MainCertificate.der, you would type the following:

    keytool -import -trustcacerts -alias <MyLDAP> -file MainCertificate.der -keystore .keystore

    Depending on the file extension of your certificate file, you may need to modify the command shown above. For additional information on using the keytool key and certificate management tool go to the Sun web site java.sun.com.

  3. When keytool responds with the Trust this certificate? prompt, type Yes and press Enter.

  4. At the prompt for the keystore password, type in the following password and press Enter:

    ^8Bradford%23

  5. To view the certificate, navigate to the /bsc/campusMgr/ directory and type the following:

    keytool -list -v -keystore .keystore

  6. Type the password used to import the certificate and press Enter.

    The keystore is cached on start up. Therefore, it is recommended that you restart FortiNAC after making any changes to the keystore.
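As an added example that is not part of Fortinet's documentation, the script below performs steps 2 through 6 non-interactively: it checks that the file really is a PEM or DER certificate, imports it with keytool, and confirms that the alias is present afterwards. It assumes keytool is on the PATH and that the keystore password is supplied in a KEYSTORE_PASS environment variable (an assumed name); the keystore path is the one given on this page.

```shell
#!/bin/sh
# Added example, not Fortinet's code: a non-interactive version of the
# keytool import above with format detection and a post-import check.
# Assumptions: keytool is on PATH and the keystore password comes from the
# KEYSTORE_PASS environment variable (keytool's -storepass:env form keeps it
# out of process listings); paths match the page.
set -eu

KEYSTORE_DIR="/bsc/campusMgr"
KEYSTORE="$KEYSTORE_DIR/.keystore"

# Report how a certificate file is encoded: PEM starts with a "-----BEGIN"
# banner, binary DER with an ASN.1 SEQUENCE tag (0x30). keytool -importcert
# accepts both; anything else (an empty download, an HTML error page saved
# as .der) is rejected before it reaches the keystore.
cert_format() {
  if head -c 64 "$1" | grep -q -- '-----BEGIN'; then
    echo pem
  elif [ "$(od -An -tx1 -N1 "$1" | tr -d ' \n')" = "30" ]; then
    echo der
  else
    echo unknown
  fi
}

# Import CERT under ALIAS, confirm the alias is really in the keystore and
# print its SHA-256 fingerprint for comparison with the CA's published value.
import_ldap_ca() {
  cert="$1"; alias="$2"
  fmt=$(cert_format "$cert")
  if [ "$fmt" = unknown ]; then
    echo "refusing $cert: not a PEM or DER certificate" >&2; return 2
  fi
  if [ -z "${KEYSTORE_PASS:-}" ]; then
    echo "KEYSTORE_PASS is not set" >&2; return 2
  fi
  # -importcert is the current name for -import; -noprompt answers the
  # "Trust this certificate?" question that step 3 handles by hand.
  keytool -importcert -trustcacerts -noprompt -alias "$alias" \
    -file "$cert" -keystore "$KEYSTORE" -storepass:env KEYSTORE_PASS
  keytool -list -keystore "$KEYSTORE" -storepass:env KEYSTORE_PASS \
    -alias "$alias" >/dev/null || { echo "alias $alias missing after import" >&2; return 1; }
  keytool -list -v -keystore "$KEYSTORE" -storepass:env KEYSTORE_PASS \
    -alias "$alias" | grep 'SHA256:'
  echo "imported ($fmt); restart FortiNAC so the cached keystore is reloaded"
}

# Usage: KEYSTORE_PASS=... ./import-ldap-ca.sh import MainCertificate.der MyLDAP
if [ "${1:-}" = import ]; then import_ldap_ca "$2" "$3"; fi
```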
