11

I need to talk to an LDAP server via spring-ldap with SSL, and the other end has a self-signed certificate no less.

Can any kind soul please point me to some instructions for setting this up?

bmargulies

2 Answers

7

Check out the Spring LDAP documentation for connecting to an LDAP server over HTTP(S):

As far as the self-signed certificate is concerned, you can import the certificate chain into a truststore and set the following VM arguments:

-Djavax.net.ssl.trustStore="<path to truststore file>"
-Djavax.net.ssl.trustStorePassword="<passphrase for truststore>"

or override the truststore at runtime like:

System.setProperty("javax.net.ssl.trustStore","<path to truststore file>");
System.setProperty("javax.net.ssl.trustStorePassword","<passphrase for truststore>");

Keep in mind that both options will override the default JVM truststore. So if you are hitting different sites with different certs, you may want to import all of them into one truststore.

In case you need help creating a truststore file, refer to this: Digital Certificate: How to import .cer file in to .truststore file using?

Community
helios
-1

Note: If the other end is a trusted source, then you might also skip the certification check, as I had to do because every few months the certificate was changed and I was constrained to import the new certificate into my local truststore and the other environments' truststores (test, production) every single time.

launique
  • 1
    This approach works, but you have to be aware of the consequences... If you are handling sensitive data, I would not recommend it even if both machines are in the same site... Trusted certificates help you to make sure that the server you are talking to is the authentic one and not a Man in the Middle attack... For client-server communication I would not recommend it at all... – Martin Oct 21 '15 at 06:38
  • How can we skip the certification check? – user3444718 Apr 12 '19 at 00:14