Waters

How to install certificates for secure LDAP authentication in NuGenesis LMS - WKB53634

Article number: 53634

OBJECTIVE or GOAL

Install one or more certificates in a NuGenesis LMS server, in order to support user authentication with secure LDAP (LDAPS).

ENVIRONMENT

  • NuGenesis 9 LMS
  • NuGenesis 8 LMS
  • NuGenesis 8 ELN
  • LDAPS authentication was, or will be, configured in NuGenesis LMS

PROCEDURE

Files needed for this procedure:

ManageCert_LMS replaces the previous set of batch files (ImportCert_LMS, ExportCert_LMS, ListCert_LMS, and RemoveCert_LMS).  ManageCert_LMS combines the functions of the four prior scripts into one file.

  1. Download the batch file to the LMS server
  2. Open a command prompt window with Admin rights
  3. Run the ManageCert batch file with the file name as the first parameter. Example:
    • ManageCert_LMS_r4.bat C:\certs\LDAPS\rootCA.crt
  4. The batch file will use the Keytool program in the LMS server's embedded Java runtime environment to import the certificate into Java's certificate store
  5. Repeat step 3 if there are other certificates to import
  6. Close the command prompt window

ADDITIONAL INFORMATION

NuGenesis LMS does not use the Windows certificate store for LDAPS certificates. Certificate storage is within a binary file in the Java runtime environment.

Use the ManageCert_LMS script to remove a certificate from the Java keystore when an LDAP certificate has expired. If a certificate in the LMS keystore expires, and LMS uses LDAPS authentication, then users will be blocked from logging in until the expired certificate is removed and replaced with a new (valid, not-expired) certificate.

Usage examples:

  1. ManageCert_LMS_r4.bat LIST
    • The script will print a list of all certificates in the Java keystore. Each certificate has an alias name. This alias is the key parameter for the Export, Remove, and Print commands
    • Example output: certificate_alias [jdk], Issued Date, trustedCertEntry, Certificate fingerprint (hash-algorithm) : hash-value in hexadecimal
  2. ManageCert_LMS_r4.bat LIST VERBOSE
    • The script will print a detailed list of all certificates in the Java keystore. Each certificate has an alias name. This alias is the key parameter for the Export, Remove, and Print commands
  3. ManageCert_LMS_r4.bat REMOVE certificate_alias
    • Removes the specified certificate from the certificate store, if one is present in the cert store with that alias
  4. ManageCert_LMS_r4.bat DELETE certificate_alias
    • Same as the "Remove" command
  5. ManageCert_LMS_r4.bat PRINT certificate_alias
    • Prints details of the selected certificate, if one is present in the cert store with that alias
  6. ManageCert_LMS_r4.bat DISPLAY certificate_alias
    • Same as the "Print" command
  7. ManageCert_LMS_r4.bat EXPORT certificate_alias
    • Exports a certificate to a .cer file on disk. The export directory is the current directory
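
Because an expired certificate in the keystore blocks LDAPS logins, it helps to inspect a certificate file before importing it. The PowerShell script below is an added example, not part of ManageCert_LMS or any Waters tooling; the script name Check-LdapsCert.ps1, its parameters, and the 30-day warning threshold are assumptions. It prints the validity dates and the SHA-1 and SHA-256 fingerprints in the colon-separated form that keytool uses, so the values can be compared with the LIST output after the import.

```powershell
# Check-LdapsCert.ps1 (hypothetical name): inspect a certificate file before import.
param(
    [Parameter(Mandatory = $true)]
    [string]$Path,          # certificate file, e.g. C:\certs\LDAPS\rootCA.crt
    [int]$WarnDays = 30     # assumed threshold for an "expiring soon" warning
)

# Format a byte array as colon-separated uppercase hex: AA:BB:CC...
function Format-Fingerprint([byte[]]$Bytes) {
    ($Bytes | ForEach-Object { $_.ToString('X2') }) -join ':'
}

# Loads DER or Base64 (PEM) files; only the first certificate in the file is read.
$file = (Resolve-Path -LiteralPath $Path).Path
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $file

# A certificate fingerprint is a hash of the DER-encoded certificate bytes.
$sha1   = [System.Security.Cryptography.SHA1]::Create()
$sha256 = [System.Security.Cryptography.SHA256]::Create()
try {
    $fpSha1   = Format-Fingerprint ($sha1.ComputeHash($cert.RawData))
    $fpSha256 = Format-Fingerprint ($sha256.ComputeHash($cert.RawData))
} finally {
    $sha1.Dispose(); $sha256.Dispose()
}

# Classify the validity window relative to the current time.
$now = Get-Date
if ($cert.NotAfter -lt $now) {
    $status = 'EXPIRED'
} elseif ($cert.NotBefore -gt $now) {
    $status = 'NOT YET VALID'
} elseif ($cert.NotAfter -lt $now.AddDays($WarnDays)) {
    $status = "EXPIRES WITHIN $WarnDays DAYS"
} else {
    $status = 'OK'
}

[pscustomobject]@{
    Subject   = $cert.Subject
    Issuer    = $cert.Issuer
    NotBefore = $cert.NotBefore
    NotAfter  = $cert.NotAfter
    Status    = $status
    SHA1      = $fpSha1
    SHA256    = $fpSha256
} | Format-List

# A non-zero exit code lets a wrapper script stop before the import step.
if ($status -eq 'EXPIRED' -or $status -eq 'NOT YET VALID') { exit 1 }
```

Which fingerprint algorithm the LIST output shows depends on the Java version embedded in the LMS server, so compare against whichever of the two values matches the hash-algorithm named in that output.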
