How to install certificates for secure LDAP authentication in NuGenesis LMS - WKB53634
OBJECTIVE or GOAL
Install one or more certificates in a NuGenesis LMS server, in order to support user authentication with secure LDAP (LDAPS).
ENVIRONMENT
- NuGenesis 9 LMS
- NuGenesis 8 LMS
- NuGenesis 8 ELN
- LDAPS authentication was, or will be, configured in NuGenesis LMS
PROCEDURE
Files needed for this procedure:
ManageCert_LMS replaces the previous set of batch files (ImportCert_LMS, ExportCert_LMS, ListCert_LMS, and RemoveCert_LMS). ManageCert_LMS combines the functions of the four prior scripts into one file.
1. Download the batch file to the LMS server
2. Open a command prompt window with Admin rights
3. Run the ManageCert batch file with the file name as the first parameter. Example:
   - ManageCert_LMS_r4.bat C:\certs\LDAPS\rootCA.crt
   - The batch file will use the Keytool program in the LMS server's embedded Java runtime environment to import the certificate into Java's certificate store
4. Repeat step 3 if there are other certificates to import
5. Close the command prompt window
ADDITIONAL INFORMATION
NuGenesis LMS does not use the Windows certificate store for LDAPS certificates. Certificate storage is within a binary file in the Java runtime environment.
Use the ManageCert_LMS script to remove a certificate from the Java keystore when an LDAP certificate has expired. If a certificate in the LMS keystore expires, and LMS uses LDAPS authentication, then users will be blocked from logging in until the expired certificate is removed and replaced with a new (valid, unexpired) certificate.
Usage examples:
- ManageCert_LMS_r4.bat LIST
  - The script will print a list of all certificates in the Java keystore. Each certificate has an alias name. This alias is the key parameter for the Export, Remove, and Print commands
  - Example output: certificate_alias [jdk], Issued Date, trustedCertEntry, Certificate fingerprint (hash-algorithm) : hash-value in hexadecimal
- ManageCert_LMS_r4.bat LIST VERBOSE
  - The script will print a detailed list of all certificates in the Java keystore. Each certificate has an alias name. This alias is the key parameter for the Export, Remove, and Print commands
- ManageCert_LMS_r4.bat REMOVE certificate_alias
  - Removes the specified certificate from the certificate store, if one is present in the cert store with that alias
- ManageCert_LMS_r4.bat DELETE certificate_alias
  - Same as the "Remove" command
- ManageCert_LMS_r4.bat PRINT certificate_alias
  - Prints details of the selected certificate, if one is present in the cert store with that alias
- ManageCert_LMS_r4.bat DISPLAY certificate_alias
  - Same as the "Print" command
- ManageCert_LMS_r4.bat EXPORT certificate_alias
  - Exports a certificate to a .cer file on disk. The export directory is the current directory
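A check to run on a certificate file before importing it, and again later to catch the expiry lockout described above, as an added PowerShell example (not part of the original article or of the ManageCert_LMS script). It reports the SHA-256 fingerprint in the colon-separated hexadecimal form that keytool prints, whether the certificate is a CA, and the days left until expiry. The function name Test-LdapsCertificate, the 30-day warning window and the in-memory demo certificate are assumptions made for this example.

```powershell
using namespace System.Security.Cryptography
using namespace System.Security.Cryptography.X509Certificates

# Hypothetical helper (added example): inspects a certificate before it is imported into the LMS Java keystore.
function Test-LdapsCertificate {
    param(
        [Parameter(Mandatory)] [X509Certificate2] $Certificate,
        [string] $ExpectedSha256,   # fingerprint obtained out of band from the CA owner
        [int] $WarnDays = 30        # assumed renewal window, adjust to local policy
    )
    $sha = [SHA256]::Create()
    try { $hash = $sha.ComputeHash($Certificate.RawData) } finally { $sha.Dispose() }
    $fingerprint = ($hash | ForEach-Object { $_.ToString('X2') }) -join ':'
    $bc = $Certificate.Extensions | Where-Object { $_ -is [X509BasicConstraintsExtension] }
    $now = Get-Date
    $daysLeft = [int][math]::Floor(($Certificate.NotAfter - $now).TotalDays)
    $expected = ($ExpectedSha256 -replace '[^0-9A-Fa-f]', '').ToUpper()
    [pscustomobject]@{
        Subject          = $Certificate.Subject
        Issuer           = $Certificate.Issuer
        NotAfter         = $Certificate.NotAfter
        DaysLeft         = $daysLeft
        Sha256           = $fingerprint
        IsCA             = [bool]($bc -and $bc.CertificateAuthority)
        NotYetValid      = $now -lt $Certificate.NotBefore
        Expired          = $now -gt $Certificate.NotAfter
        ExpiresSoon      = $daysLeft -ge 0 -and $daysLeft -lt $WarnDays
        # $null when no expected fingerprint was supplied, otherwise a strict comparison
        FingerprintMatch = if ($ExpectedSha256) { $expected -eq ($fingerprint -replace ':', '') } else { $null }
    }
}

# Constructed sample: throwaway self-signed CA built in memory (needs .NET Framework 4.7.2+ or PowerShell 7).
$rsa  = [RSA]::Create(2048)
$req  = [CertificateRequest]::new('CN=Constructed Demo Root CA', $rsa, [HashAlgorithmName]::SHA256, [RSASignaturePadding]::Pkcs1)
$req.CertificateExtensions.Add([X509BasicConstraintsExtension]::new($true, $false, 0, $true))
$demo = $req.CreateSelfSigned([DateTimeOffset]::Now.AddDays(-1), [DateTimeOffset]::Now.AddDays(20))
Test-LdapsCertificate -Certificate $demo | Format-List

# Real use with the file from the procedure (fingerprint value is a placeholder):
# Test-LdapsCertificate -Certificate ([X509Certificate2]::new('C:\certs\LDAPS\rootCA.crt')) -ExpectedSha256 '<fingerprint from CA owner>'
```

The Sha256 value can be compared with the fingerprint shown by the LIST command after import, provided the keystore reports a SHA-256 fingerprint.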