
Configuring Rundeck for AD authentication using LDAP

Updated: 2021-07-24 07:39:40


There is no need to ask your admin for the SSL certificate. If your organization uses LDAPS and the certificate installed on the LDAP server is a self-signed cert which is not in your keystore, then you need to add the cert to your JVM keystore. To get that certificate, run the command below:

openssl s_client -connect <ldapserver>:636


This will give some output with -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----. Copy the text between these strings to a file ldap.cert.


keytool -import -alias CompanyAD -file ldap.cert -keystore $JAVA_HOME/lib/security/cacerts -storepass changeit

If your keystore has been tampered with, you may have to reinstall Java on the system.
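The steps above as one script, with a fingerprint comparison before the import so that a certificate fetched over the network is only trusted if it matches a value obtained separately. This is an added example, not part of the original post; the function names are hypothetical, the expected SHA-256 fingerprint is assumed to come from an out-of-band source, and the file written keeps the BEGIN/END marker lines, which is the PEM form keytool reads.

```shell
#!/usr/bin/env bash
# Added example: fetch the LDAPS server certificate, verify it, import it.
# Function names are hypothetical; the expected fingerprint is an assumption
# (obtained out of band, e.g. read from the server's console).

# Print the first PEM certificate block (marker lines included) from stdin.
extract_first_pem() {
  awk '/-----BEGIN CERTIFICATE-----/ { on = 1 }
       on { print }
       /-----END CERTIFICATE-----/ { if (on) exit }'
}

# Reduce "sha256 Fingerprint=AB:CD:..." or "ab:cd:..." to bare uppercase hex.
normalize_fp() {
  printf '%s' "$1" | sed 's/^.*=//' | tr -d ': \n' | tr 'a-f' 'A-F'
}

# Usage: import_ldaps_cert <ldapserver> <expected-sha256-fingerprint> [alias]
import_ldaps_cert() {
  host=$1
  expected_fp=$2
  alias_name=${3:-CompanyAD}

  # </dev/null makes s_client exit after the handshake instead of waiting.
  openssl s_client -connect "$host:636" </dev/null 2>/dev/null \
    | extract_first_pem > ldap.cert
  [ -s ldap.cert ] || { echo "no certificate received from $host" >&2; return 1; }

  actual_fp=$(openssl x509 -in ldap.cert -noout -fingerprint -sha256)
  if [ "$(normalize_fp "$actual_fp")" != "$(normalize_fp "$expected_fp")" ]; then
    echo "fingerprint mismatch, not importing: $actual_fp" >&2
    return 1
  fi

  keytool -import -noprompt -alias "$alias_name" -file ldap.cert \
    -keystore "$JAVA_HOME/lib/security/cacerts" -storepass changeit
}

# Run only when called with arguments, so the file can also be sourced.
if [ "$#" -ge 2 ]; then
  import_ldaps_cert "$@"
fi
```

Restart Rundeck after the import so the JVM reloads the truststore.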