LDAPS Connections
LDAPS Connections (LDAP over SSL)
The objective of configuring ExtraView for LDAPS is to install the LDAP server SSL certificate into the JVM that is used by the application server hosting the ExtraView web application. This allows the client (the ExtraView webapp) to authenticate directly to the LDAP server.
Before starting the process to configure ExtraView to work in this mode, ensure the LDAP server has already been configured for secure LDAP with an SSL certificate, and the secure LDAP port has been confirmed to be active. Consult your LDAP server documentation for configuring your LDAP server for secure LDAP with an SSL certificate.
It is beyond the scope of this document and beyond the scope of your ExtraView support team to explain this further, as much depends on your underlying environment. There is good online help available within Oracle’s web site.
The SSL certificate installed here is also used to configure the ExtraView server in the next step.
Certificate Configuration
- This uses the keytool utility that manages certificates and is installed with your Java installation. keytool is a command-line utility with numerous arguments that allows you to create and manage keystores that house digital certificates. For the complete documentation of keytool, visit https://docs.oracle.com/javase/8/docs/technotes/tools/windows/keytool.html.
- You can list the current certificates contained within the keystore using the keytool -list command. The initial password for the cacerts keystore is changeit. For example, you may see the following in a Windows environment:

    C:\ExtraView\java\jre\bin>keytool -list -keystore ..\lib\security\cacerts

  Enter the default keystore password: changeit. You will then see something like this:

    Keystore type: jks
    Keystore provider: SUN

    Your keystore contains 5 entries:

    engweb, Wed Apr 11 16:22:49 EDT 2025, trustedCertEntry,
    Certificate fingerprint (MD5): 8C:24:DA:52:7A:4A:16:4B:8E:FB:67:44:C9:D2:E4:16
    thawtepersonalfreemailca, Fri Feb 12 15:12:16 EST 1999, trustedCertEntry,
    Certificate fingerprint (MD5): 1E:74:C3:86:3C:0C:35:C5:3E:C2:7F:EF:3C:AA:3C:D9
    thawtepersonalbasicca, Fri Feb 12 15:11:01 EST 1999, trustedCertEntry,
    Certificate fingerprint (MD5): E6:0B:D2:C9:CA:2D:88:DB:1A:71:0E:4B:78:EB:02:41
    verisignclass3ca, Mon Jun 29 13:05:51 EDT 1998, trustedCertEntry,
    Certificate fingerprint (MD5): 78:2A:02:DF:DB:2E:14:D5:A7:5F:0A:DF:B6:8E:9C:5D
    thawteserverca, Fri Feb 12 15:14:33 EST 1999, trustedCertEntry,
    Certificate fingerprint (MD5): C5:70:C4:A2:ED:53:78:0C:C8:10:53:81:64:CB:D0:1D
    thawtepersonalpremiumca, Fri Feb 12 15:13:21 EST 1999, trustedCertEntry

- Now you add the certificate you previously installed to this keystore. Begin by exporting your CA Root certificate from your browser as a DER-encoded binary file and save it as C:\root.cer. Within Internet Explorer, you can view the installed certificates under Tools –> Internet Options –> Content –> Certificates. Once you open the certificates, locate the one you just installed under Trusted Root Certification Authorities. Select it and click on Export. This can be saved as a DER-encoded binary within your C: drive.
- Use the keytool -import command to import this file into your cacerts keystore. For example:

    C:\ExtraView\java\bin\keytool -import -alias myprivateroot -keystore ..\lib\security\cacerts -file c:\root.cer
    Enter default keystore password: changeit
    Owner: CN=Division name, OU=Department, O=Your Company, L=Anytown, ST=NC, C=US, EmailAddress=you@company.com
    Issuer: CN=Division name, OU=Department, O=Your Company, L=Anytown, ST=NC, C=US, EmailAddress=you@company.com
    Serial number: 79805d77eecfadb147e84f8cc2a22106

- You will now see a list of all the certificates including the one you just added. This confirms that your private root certificate has been added to the ExtraView Java cacerts keystore as a trusted certificate authority.
- Stop and restart the application server supporting ExtraView to pick up the new certificate.
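
A check for the import step above, as an added example that is not part of the original ExtraView documentation: it parses keytool -list output and confirms that an alias is a trustedCertEntry whose fingerprint equals the digest of the exported DER file. The function names, the sample listing and the stand-in certificate bytes are constructed for illustration, and the SHA-256 fingerprint label on the second entry is an assumption about the keytool version in use.

```python
import hashlib
import re

# Each `keytool -list` entry: "alias, date, entryType," then a fingerprint line.
ENTRY_RE = re.compile(
    r"^(?P<alias>[^,\n]+), .*?, (?P<type>\w+),\s*\n"
    r"Certificate fingerprint \((?P<algo>[^)]+)\): (?P<fp>[0-9A-Fa-f:]+)",
    re.MULTILINE,
)
HASHES = {"MD5": "md5", "SHA1": "sha1", "SHA-1": "sha1", "SHA-256": "sha256"}


def parse_keytool_list(text):
    """Return {alias: (entry_type, algorithm, fingerprint)} from keytool -list output."""
    return {
        m["alias"].strip().lower(): (m["type"], m["algo"].upper(), m["fp"].upper())
        for m in ENTRY_RE.finditer(text)
    }


def der_fingerprint(der_bytes, algo):
    """Digest of the DER bytes as colon-separated upper-case hex, as keytool prints it."""
    digest = hashlib.new(HASHES[algo], der_bytes).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def verify_import(listing, alias, der_bytes):
    """Check that alias is a trusted CA entry matching the exported certificate file."""
    entry = parse_keytool_list(listing).get(alias.lower())
    if entry is None:
        return "missing"
    entry_type, algo, fingerprint = entry
    if entry_type != "trustedCertEntry":
        return "wrong-type"
    if algo not in HASHES:
        return "unknown-algorithm"
    return "ok" if der_fingerprint(der_bytes, algo) == fingerprint else "mismatch"


# Constructed sample data: stand-in bytes for C:\root.cer and a two-entry listing.
SAMPLE_DER = b"constructed stand-in for the DER bytes of C:\\root.cer"
SAMPLE_LISTING = (
    "Keystore type: jks\nKeystore provider: SUN\n\nYour keystore contains 2 entries\n\n"
    "thawteserverca, Fri Feb 12 15:14:33 EST 1999, trustedCertEntry,\n"
    "Certificate fingerprint (MD5): C5:70:C4:A2:ED:53:78:0C:C8:10:53:81:64:CB:D0:1D\n"
    "myprivateroot, Apr 11, 2025, trustedCertEntry,\n"
    f"Certificate fingerprint (SHA-256): {der_fingerprint(SAMPLE_DER, 'SHA-256')}\n"
)

if __name__ == "__main__":
    print(verify_import(SAMPLE_LISTING, "myprivateroot", SAMPLE_DER))
```

In practice, pass the captured output of keytool -list and the bytes read from the exported root.cer file; a "mismatch" result means the keystore entry is not the certificate you exported.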