
NOTE: This page assumes the certificate used for LDAPS was issued by Active Directory Certificate Services (AD CS).

Export Root CA from Active Directory Server

  1. Log on as domain administrator on the Active Directory domain server.

    1. Click Start 🢂 Windows Administrative Tools 🢂 Certificate Authority to open the CA Microsoft Management Console (MMC) GUI.

    2. Highlight the CA computer, and right-click to select CA Properties.

    3. On the General tab, click View Certificate.

    4. Select the Details tab, and click Copy to File in the lower-right corner of the window.

    5. Use the Certificate Export Wizard to save the CA certificate file.

    6. Click Next, then select Base-64 encoded X.509 (.CER).

    7. Click Browse to choose the path where the root CA file will be saved.

    8. Click Finish.

Install Root CA on Cloud Gateway

  1. Copy the root CA file (acme-ca-bundle.crt) to every Cloud Gateway server:
    /etc/pki/ca-trust/source/anchors/acme-ca-bundle.crt

  2. Run the following command on each Cloud Gateway to rebuild the system trust store:
    update-ca-trust

  3. Restart the Gateway service so it picks up the new trust store:
    systemctl restart cloudgateway

Test LDAPS connection from Cloud Gateway

  1. Download the Duo certificate verification utility (acert-linux) to the Cloud Gateway:
    cd /root/datacore
    curl -fLO https://dl.duosecurity.com/acert-linux
    chmod +x acert-linux

  2. Run the following command to verify the LDAPS certificate chain presented by the domain controller:
    ./acert-linux -host ad.acme.local -port 636

  3. Make sure the Cloud Gateway can reach the Active Directory server on port 636.
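The two sections above (installing the root CA and testing the LDAPS connection) can be scripted on the gateway. The following is an added example, not a script from the original page or from DataCore; it checks that the exported file is actually Base-64 (PEM) X.509 as the export wizard step requires, installs it into the anchors directory used above, and then verifies the chain with openssl s_client as an independent cross-check of acert-linux. The host name, CA file name, and the RHEL/CentOS trust-bundle path /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem (the file update-ca-trust regenerates) are assumptions.

```shell
#!/bin/sh
# Added example (not part of the original page): install the AD root CA on a
# Cloud Gateway and verify the LDAPS chain. Run as root on the gateway.
set -eu

# Anchors directory from the page; the bundle path is the RHEL/CentOS default
# that update-ca-trust writes (assumption, not stated on the page).
ANCHOR_DIR=/etc/pki/ca-trust/source/anchors
TRUST_BUNDLE=/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem

# Return 0 if FILE looks like a Base-64 (PEM) X.509 certificate, i.e. the
# "Base-64 encoded X.509 (.CER)" format chosen in the export wizard. A DER
# export has no BEGIN/END markers and fails this check.
is_pem_cert() {
    grep -q -e '-----BEGIN CERTIFICATE-----' "$1" &&
        grep -q -e '-----END CERTIFICATE-----' "$1"
}

# Destination path for a CA file copied into the system trust anchors.
anchor_path() {
    printf '%s/%s\n' "$ANCHOR_DIR" "$(basename "$1")"
}

# Copy the CA into the anchors directory and rebuild the trust store
# (steps 1 and 2 of "Install Root CA on Cloud Gateway").
install_root_ca() {
    ca="$1"
    if ! is_pem_cert "$ca"; then
        echo "not a PEM certificate, re-export as Base-64 X.509: $ca" >&2
        return 1
    fi
    cp "$ca" "$(anchor_path "$ca")"
    update-ca-trust
}

# Verify the LDAPS server chain against the rebuilt trust bundle. A non-zero
# exit means the chain does not build, the same condition that shows up as
# "PKIX path building failed" in cloudgateway_server.log.
verify_ldaps() {
    host="$1"
    port="${2:-636}"
    openssl s_client -connect "$host:$port" -servername "$host" \
        -CAfile "$TRUST_BUNDLE" -verify_return_error </dev/null >/dev/null 2>&1
}

# Usage: ldaps-ca-setup.sh install /root/acme-ca-bundle.crt
#        ldaps-ca-setup.sh verify ad.acme.local 636
case "${1:-}" in
    install) install_root_ca "$2" ;;
    verify)  verify_ldaps "$2" "${3:-636}" && echo "LDAPS chain OK for $2" ;;
    *) : ;;   # no arguments: only define the functions
esac
```

The verify step deliberately uses the system trust bundle rather than the CA file directly, so it proves what the gateway's JVM will see after update-ca-trust and a service restart, not just that the CA file on disk matches the server.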

Configure LDAPS on Cloud Gateway

  1. Create a user account that can log in to Active Directory with read-only access to LDAP/LDAPS.

  2. Refer to LDAP Configuration to configure the gateway to authenticate with Active Directory LDAP.

  3. Change the protocol and port:

    1. ldap ➔ ldaps

    2. Port 389 ➔ 636

  4. You should now be able to log in to Cloud Gateway, authenticating against Active Directory over LDAPS.

  5. If the test login from the Cloud Gateway UI fails:

  6. Look up the errors by Request ID in /var/log/caringo/cloudgateway_server.log (replace request_id with the Request ID reported by the UI):
    grep 'request_id' /var/log/caringo/cloudgateway_server.log
    Sample certificate error:
    2023-04-07 09:39:18,309 ERROR [qtp1357686726-9493|BC005B3EB68626F8] LDAPIdsys: Unable to connect to identity system ldaps://ad01.acme.internal:636 as ldapUser@acme.internal: javax.naming.CommunicationException: simple bind failed: ad01.acme.internal:636 [Root exception is javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target]
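To make the log check above repeatable, the following added example (not part of the original page or of the Cloud Gateway product) pulls the ERROR lines for one Request ID out of cloudgateway_server.log and maps the Java exception text to a short cause label. The request ID is taken from the bracketed thread field, as in `[qtp1357686726-9493|BC005B3EB68626F8]` on the page. The PKIX pattern comes from the sample error above; the hostname-mismatch, unreachable, and bad-credentials patterns are standard Java/LDAP messages added here as assumptions about what else the same log line can contain.

```shell
#!/bin/sh
# Added example (not part of the original page): find and classify LDAPS
# errors for one Request ID in cloudgateway_server.log.
set -eu

LOG=${LOG:-/var/log/caringo/cloudgateway_server.log}

# Print the ERROR lines tagged with REQUEST_ID, i.e. the token after '|' in
# the bracketed thread field: [qtp1357686726-9493|BC005B3EB68626F8].
# Usage: errors_for_request LOGFILE REQUEST_ID
errors_for_request() {
    grep -F "|$2]" "$1" | grep ' ERROR ' || true
}

# Map the exception text of one log line to a likely cause.
classify_ldaps_error() {
    case "$1" in
        *"PKIX path building failed"*|*"unable to find valid certification path"*)
            echo untrusted-ca ;;        # root CA missing from the gateway trust store
        *"No subject alternative"*)
            echo hostname-mismatch ;;   # cert SAN does not cover the LDAPS host name
        *"Connection refused"*|*"UnknownHostException"*|*"timed out"*)
            echo unreachable ;;         # DNS, routing or port 636 not reachable
        *"error code 49"*)
            echo bad-credentials ;;     # bind user or password rejected by AD
        *)
            echo unknown ;;
    esac
}

# Print "<cause>: <log line>" for every ERROR line of the request.
diagnose_request() {
    errors_for_request "$1" "$2" | while IFS= read -r line; do
        printf '%s: %s\n' "$(classify_ldaps_error "$line")" "$line"
    done
}

# Usage: ldaps-diagnose.sh diagnose BC005B3EB68626F8
case "${1:-}" in
    diagnose) diagnose_request "$LOG" "$2" ;;
    *) : ;;   # no arguments: only define the functions
esac
```

An `untrusted-ca` result means the chain check failed on the gateway side, so the fix is the root CA install above (and a service restart), not a change to the AD user or the LDAP settings; `hostname-mismatch` means the trust store is fine but the host name in the ldaps:// URL is not one the certificate was issued for.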
