June 15, 2017 at 6:21 pm #17711 Rick521 Participant
I want to make OpenAM communicate with an LDAPS server on port 636, which is IBM Tivoli Directory Server.
I see the KB Article here
I believe this article is expecting OpenDJ to be the LDAPS server, which is not the case for me. I also use SSL at the F5 level.
The issue I’m facing is if I’m using the below configurations for the external user store
# External OpenDJ based user data store
AMSetupServlet.ProcessRequest: errororg.forgerock.opendj.ldap.ConnectionException: Server Connection Closed: Heartbeat Failed
Caused by: javax.net.ssl.SSLException: Received fatal alert: handshake_failure
My configurations are
OpenAM Version 13.5
USER_STORE=External IBM TDS
1) To enable TLS, do I need to add any certs from Tivoli Directory Server into my OpenAM keystore?
2) Do I also need to make any changes in my embedded OpenDJ to allow this handshake to happen?
Any help is appreciated.
June 15, 2017 at 9:43 pm #17713 Peter Major Moderator
First you should figure out if your container uses the default truststore. If not, then add the certificate to the truststore used by your container. If yes, then you should add your directory server’s certificate to the JVM’s truststore.
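The steps in the reply above, as an added example that is not part of the original thread or of ForgeRock's documentation: it resolves which truststore the container JVM will use (following the JSSE default lookup order) and imports the directory server's certificate into it. The host name, alias, script name and the `TRUSTSTORE_PASS` variable are assumptions.

```shell
#!/bin/sh
# resolve_truststore JVM_ARGS JAVA_HOME
# JSSE lookup order: -Djavax.net.ssl.trustStore (last occurrence wins),
# then <java-home>/lib/security/jssecacerts, then .../cacerts.
# JDK 8 and earlier keep the JRE under $JAVA_HOME/jre, so that is tried first.
# Note: JVM_ARGS is split on whitespace; paths containing spaces are not handled.
resolve_truststore() {
    explicit=
    for arg in $1; do
        case $arg in
            -Djavax.net.ssl.trustStore=*)
                explicit=${arg#-Djavax.net.ssl.trustStore=} ;;
        esac
    done
    if [ -n "$explicit" ]; then printf '%s\n' "$explicit"; return 0; fi
    for base in "$2/jre/lib/security" "$2/lib/security"; do
        [ -d "$base" ] || continue
        if [ -f "$base/jssecacerts" ]; then
            printf '%s\n' "$base/jssecacerts"
        else
            printf '%s\n' "$base/cacerts"
        fi
        return 0
    done
    return 1
}

# fetch_ldaps_cert HOST PORT OUT_PEM: save the certificate the server presents.
fetch_ldaps_cert() {
    openssl s_client -connect "$1:$2" -servername "$1" </dev/null 2>/dev/null \
        | openssl x509 -outform PEM > "$3"
}

# import_cert TRUSTSTORE ALIAS PEM: keytool shows the certificate and asks for
# confirmation (no -noprompt), so the fingerprint can be checked first.
import_cert() {
    keytool -importcert -alias "$2" -file "$3" -keystore "$1" \
        -storepass "${TRUSTSTORE_PASS:-changeit}"   # changeit = JDK default
}

# Usage (placeholder host): sh add-ldaps-cert.sh --import tds.example.com 636 "$CATALINA_OPTS"
if [ "${1:-}" = "--import" ]; then
    ts=$(resolve_truststore "${4:-}" "$JAVA_HOME") || { echo "no truststore found" >&2; exit 1; }
    fetch_ldaps_cert "$2" "$3" /tmp/ldaps-server.pem || exit 1
    # Compare this fingerprint with the directory administrator before trusting it.
    openssl x509 -in /tmp/ldaps-server.pem -noout -subject -fingerprint -sha256
    import_cert "$ts" "tds-ldaps" /tmp/ldaps-server.pem
fi
```

Restart the container after the import so the JVM reloads the truststore. Where the directory server's certificate is issued by an internal CA, importing that CA certificate instead of the leaf avoids repeating the import at each renewal.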