Importing a Digital Certificate onto a Crowd Server
For a Crowd server to trust your directory's certificate, the certificate must be imported into your Java runtime environment. The JDK stores trusted certificates in a file called a keystore. The default keystore file is called cacerts and it lives in the jre\lib\security sub-directory of your Java installation.
In the following examples, we use server-certificate.crt to represent the certificate file exported by your Directory Server. You will need to alter the instructions below to match the name actually generated.
Windows
- Navigate to the directory in which Java is installed. It's probably called something like C:\Program Files\Java\jdk1.5.0_12.
- Run the command below, where server-certificate.crt is the name of the file from your directory server:

    keytool -import -keystore .\jre\lib\security\cacerts -file server-certificate.crt

- keytool will prompt you for a password. The default keystore password is changeit.
- When prompted Trust this certificate? [no]: enter yes to confirm the key import:

    Enter keystore password: changeit
    Owner: CN=ad01, C=US
    Issuer: CN=ad01, C=US
    Serial number: 15563d6677a4e9e4582d8a84be683f9
    Valid from: Tue Aug 21 01:10:46 ACT 2007 until: Tue Aug 21 01:13:59 ACT 2012
    Certificate fingerprints:
        MD5: D6:56:F0:23:16:E3:62:2C:6F:8A:0A:37:30:A1:84:BE
        SHA1: 73:73:4E:A6:A0:D1:4E:F4:F3:CD:CE:BE:96:80:35:D2:B4:7C:79:C1
    Trust this certificate? [no]: yes
    Certificate was added to keystore

You may now use the Secure SSL option when using Crowd to connect to your directory.
Unix
- Navigate to the directory in which Java is installed. cd $JAVA_HOME will usually get you there.
- Run the command below, where server-certificate.crt is the name of the file from your directory server:

    sudo keytool -import -keystore ./jre/lib/security/cacerts -file server-certificate.crt

- keytool will prompt you for a password. The default keystore password is changeit.
- When prompted Trust this certificate? [no]: enter yes to confirm the key import:

    Password:
    Enter keystore password: changeit
    Owner: CN=ad01, C=US
    Issuer: CN=ad01, C=US
    Serial number: 15563d6677a4e9e4582d8a84be683f9
    Valid from: Tue Aug 21 01:10:46 ACT 2007 until: Tue Aug 21 01:13:59 ACT 2012
    Certificate fingerprints:
        MD5: D6:56:F0:23:16:E3:62:2C:6F:8A:0A:37:30:A1:84:BE
        SHA1: 73:73:4E:A6:A0:D1:4E:F4:F3:CD:CE:BE:96:80:35:D2:B4:7C:79:C1
    Trust this certificate? [no]: yes
    Certificate was added to keystore

You may now use the Secure SSL option when using Crowd to connect to your directory.
Mac OS X
- Navigate to the directory in which Java is installed. This is usually /Library/Java/Home.
- Run the command below, where server-certificate.crt is the name of the file from your directory server:

    sudo keytool -import -keystore ./jre/lib/security/cacerts -file server-certificate.crt

- keytool will prompt you for a password. The default keystore password is changeit.
- When prompted Trust this certificate? [no]: enter yes to confirm the key import:

    Password:
    Enter keystore password: changeit
    Owner: CN=ad01, C=US
    Issuer: CN=ad01, C=US
    Serial number: 15563d6677a4e9e4582d8a84be683f9
    Valid from: Tue Aug 21 01:10:46 ACT 2007 until: Tue Aug 21 01:13:59 ACT 2012
    Certificate fingerprints:
        MD5: D6:56:F0:23:16:E3:62:2C:6F:8A:0A:37:30:A1:84:BE
        SHA1: 73:73:4E:A6:A0:D1:4E:F4:F3:CD:CE:BE:96:80:35:D2:B4:7C:79:C1
    Trust this certificate? [no]: yes
    Certificate was added to keystore

You may now use the Secure SSL option when using Crowd to connect to your directory.
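
The Trust this certificate? prompt prints the certificate fingerprints so that they can be compared with the value reported by the directory server before answering yes. The script below is an added example, not part of the original Crowd documentation, that makes that comparison for the Unix and Mac OS X steps and imports only on a match; the alias directory-server, the KEYSTORE variable, the file name verify-import.sh and an expected fingerprint supplied by the directory administrator are assumptions.

```shell
#!/bin/sh
# Added example: check a certificate's fingerprint before trusting it.

# Normalise a fingerprint: drop colons and whitespace, upper-case the hex.
normalize_fp() {
    printf '%s' "$1" | tr -d ': \t\r\n' | tr 'abcdef' 'ABCDEF'
}

# Read `keytool -printcert` output on stdin and print the normalised
# fingerprint for one algorithm label (MD5, SHA1, or SHA256 on newer JDKs).
extract_fp() {
    algo=$1
    fp=$(sed -n "s/^[[:space:]]*${algo}:[[:space:]]*\([0-9A-Fa-f:]*\).*/\1/p" | head -n 1)
    normalize_fp "$fp"
}

# Succeed only if the output on stdin carries the expected fingerprint.
fp_matches() {
    expected=$(normalize_fp "$2")
    actual=$(extract_fp "$1")
    [ -n "$actual" ] && [ "$actual" = "$expected" ]
}

# Import the certificate only after the check passes. The alias and the
# KEYSTORE variable are names chosen for this example.
verified_import() {
    cert=$1; cert_alias=$2; algo=$3; expected=$4
    keystore=${KEYSTORE:-./jre/lib/security/cacerts}
    if keytool -printcert -file "$cert" | fp_matches "$algo" "$expected"; then
        # keytool still prompts for the keystore password here.
        keytool -import -alias "$cert_alias" -keystore "$keystore" \
            -file "$cert" -noprompt
    else
        echo "fingerprint mismatch for $cert: not imported" >&2
        return 1
    fi
}

# Sample input: the certificate details from the transcript on this page.
SAMPLE_OUTPUT='Owner: CN=ad01, C=US
Issuer: CN=ad01, C=US
Certificate fingerprints:
         MD5:  D6:56:F0:23:16:E3:62:2C:6F:8A:0A:37:30:A1:84:BE
         SHA1: 73:73:4E:A6:A0:D1:4E:F4:F3:CD:CE:BE:96:80:35:D2:B4:7C:79:C1'

# Usage: sh verify-import.sh server-certificate.crt directory-server SHA1 <fingerprint>
if [ "$#" -eq 4 ]; then
    verified_import "$@"
fi
```

Giving the entry an explicit alias also lets you confirm it afterwards with keytool -list -keystore ./jre/lib/security/cacerts -alias directory-server.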