Crowd 2.0 : Configuring an SSL Certificate for Microsoft Active Directory
This page last changed on May 23, 2008 by smaddox.
You can configure Crowd to work with Microsoft Active Directory by setting up an LDAP connector in Crowd. If you wish to use Crowd to add users or change passwords in Active Directory, you will need to install an SSL certificate generated by your Active Directory server and then install the certificate into your JVM keystore. On this page: PrerequisitesMake sure that you have the following installed on your Windows server (domain controller):
Step 1. Install the Microsoft Certificate Services
Step 2. Obtain the Server CertificateThe steps above describe how to install the certification authority (CA) on your Microsoft Active Directory server. Next, you will need to add the Microsoft Active Directory server's SSL certificate to the list of accepted certificates used by the JDK that runs your Crowd server. The Active Directory certificate is automatically generated and placed in root of the C:\ drive, matching a file format similar to the tree structure of your Active Directory server, e.g. c:\crowd-ad2000.ad01.crowd.atlassian.com_ad01.crt. You can also export the certificate by executing this command on the Active Directory server: certutil -ca.cert crowd-client.crt Step 3. Import the Server CertificateFor a Crowd server to trust your directory's certificate, the certificate must be imported into your Java runtime environment. The JDK stores trusted certificates in a file called a keystore. The default keystore file is called cacerts and it lives in the lib\security sub-directory of your Java installation. In the following examples, we use server-certificate.crt to represent the certificate file exported by your Directory Server. You will need to alter the instructions below to match the name actually generated. Windows
You may now use the Secure SSL option when using Crowd to connect to your directory. Unix
You may now use the Secure SSL option when using Crowd to connect to your directory. Mac OS X
You may now use the Secure SSL option when using Crowd to connect to your directory. RELATED TOPICSMicrosoft Active Directory ![]() ![]() ![]() ![]() ![]() ![]() ![]() ![]() |
![]() |
Document generated by Confluence on Jul 30, 2009 01:29 |