更新时间:2021-07-24 07:39:40
无需向您的管理员询问ssl证书.如果您的组织使用 ldaps
,并且 ldap
服务器上安装的证书是自签名证书,但不在您的密钥库中,那么您需要将该证书添加到> JVM
密钥库.现在,要获取该证书,请运行以下查询 openssl s_client -connect< ldapserver>:636
There is no need to ask your admin for the ssl certificate. If your organization uses ldaps
and the certificate installed on the ldap
server is a self signed cert which is not in your keystore, then you need to add the cert to your JVM
keystore. Now to get that certificate run the below query
openssl s_client -connect <ldapserver>:636
这将通过 ----- BEGIN CERTIFICATE -----
和 --------- END CERTIFICATE -------给出一些输出-
.将这些字符串之间的文本复制到文件 ldap.cert
.
This will give some output with -----BEGIN CERTIFICATE-----
and ---------END CERTIFICATE--------
. Copy the text between these strings to a file ldap.cert
.
keytool -import -alias CompanyAD -file ldap.cert -keystore $ JAVA_HOME/lib/security/cacerts -storepass changeit
.如果您的密钥库被篡改,则可能必须在系统中重新安装Java.
keytool -import -alias CompanyAD -file ldap.cert -keystore $JAVA_HOME/lib/security/cacerts -storepass changeit
.
If your keystore is tampered probably you may have to reinstall Java in the system.