Creating a Keystore for LDAP SSL

Exporting your Active Directory Certificate
As an Administrative user on your Active Directory server:

  1. Open the Microsoft Management Console by running mmc.exe.
  2. Add the Certificates snap-in for the Computer Account (select the Local Computer).
  3. Locate the domain controller's certificate in the resulting tree under Personal > Certificates (a self-signed certificate also appears there). Its Issued To name should be the server's fully qualified host name, because that is the name clients will verify when they connect over LDAPS.
  4. Right click on the certificate, select All Tasks > Export.
  5. In the export wizard choose not to export the private key and select the Base-64 encoded X.509 (.CER) format. A .CER file holds a single certificate. If the server certificate was issued by a CA (for example Active Directory Certificate Services) rather than being self-signed, export the issuing CA's certificate the same way and import that instead: a trust store that holds the CA certificate keeps working when the server certificate is renewed, whereas one that holds only the server certificate must be rebuilt.

Creating a Keystore
Once the certificate has been exported, copy the file to the machine that will connect to Active Directory and create a Java keystore containing it. The keystore acts as the trust store for the LDAPS connection: the Java runtime will accept the server only if its certificate (or the certificate of the CA that issued it) is present in the keystore.

  • Use the keytool utility (keytool.exe on Windows) supplied with your Java runtime:

keytool -import -alias ldap -file <certificate file> -keystore shdomain.ks

  • Enter a secure password for the keystore when prompted, and answer yes when keytool asks whether to trust the certificate. This creates a keystore file called shdomain.ks with the certificate stored under the alias ldap. On current Java versions -import is a legacy spelling of -importcert; both work. Protect the keystore file with the same file permissions you would give a credential: anyone who can add a certificate to it can make the client trust an impostor server.
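A way to confirm that the keystore actually works for an LDAPS connection, as an added example rather than code from the original page or the product it documents: the program below loads shdomain.ks, checks that the certificate under the ldap alias is present and within its validity period, points the Java runtime's TLS trust store at the keystore, and performs a simple LDAPS bind that reads the RootDSE. The class name LdapsKeystoreCheck, the command-line arguments and the ldaps URL, bind DN and host names shown in the comments are assumptions for the example.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

// Added example (not from the original page): verifies that a keystore built with
//   keytool -import -alias ldap -file <certificate file> -keystore shdomain.ks
// is usable as the trust store for an LDAPS connection to a domain controller.
// Usage (all values are assumptions for this example):
//   java LdapsKeystoreCheck shdomain.ks <keystore password> ldaps://dc01.example.com:636 \
//        "CN=svc-ldap,CN=Users,DC=example,DC=com" <bind password>
public class LdapsKeystoreCheck {

    public static void main(String[] args) throws Exception {
        if (args.length != 5) {
            System.err.println("usage: LdapsKeystoreCheck <keystore> <keystore-password> "
                    + "<ldaps-url> <bind-dn> <bind-password>");
            System.exit(2);
        }
        String keystorePath = args[0];
        char[] keystorePassword = args[1].toCharArray();
        String ldapsUrl = args[2];
        String bindDn = args[3];
        String bindPassword = args[4];

        // 1. Load the keystore and inspect the certificate keytool stored under alias "ldap".
        //    The default type is JKS on Java 8 and PKCS12 on Java 9+. Using it works when the
        //    keystore was created by keytool of the same Java generation; Java 9+ also reads
        //    JKS files transparently.
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream in = new FileInputStream(keystorePath)) {
            ks.load(in, keystorePassword);   // also verifies the keystore's integrity MAC
        }
        X509Certificate trusted = (X509Certificate) ks.getCertificate("ldap");
        if (trusted == null) {
            throw new IllegalStateException("keystore has no certificate under alias 'ldap'");
        }
        trusted.checkValidity();   // throws CertificateExpiredException / CertificateNotYetValidException
        System.out.println("Trusted certificate: " + trusted.getSubjectX500Principal());
        System.out.println("Issued by:           " + trusted.getIssuerX500Principal());
        System.out.println("Valid until:         " + trusted.getNotAfter());

        // 2. Make this keystore the JVM's TLS trust store. These properties must be set
        //    before the first TLS connection, because JSSE reads them once when it
        //    initialises its default SSLContext.
        System.setProperty("javax.net.ssl.trustStore", keystorePath);
        System.setProperty("javax.net.ssl.trustStorePassword", args[1]);

        // 3. Simple bind over LDAPS and read the RootDSE. With only the server's (or its
        //    CA's) certificate in the trust store, the handshake fails unless the domain
        //    controller presents a matching certificate chain, which is exactly the check
        //    we want. JNDI (JDK 8u181 and later) also checks that the host name in the URL
        //    matches the certificate, so use the FQDN from the certificate, not an IP address.
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, ldapsUrl);
        env.put(Context.SECURITY_PROTOCOL, "ssl");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindDn);
        env.put(Context.SECURITY_CREDENTIALS, bindPassword);

        DirContext ctx = new InitialDirContext(env);
        try {
            Attributes rootDse = ctx.getAttributes("",
                    new String[] {"dnsHostName", "defaultNamingContext"});
            System.out.println("Connected to:        " + rootDse.get("dnsHostName").get());
            System.out.println("Default naming ctx:  " + rootDse.get("defaultNamingContext").get());
        } finally {
            ctx.close();
        }
    }
}
```

Because shdomain.ks contains only the one certificate you imported, the connection is effectively pinned to it: a handshake failure here (typically a PKIX path building error) means the domain controller is presenting a certificate that is not the one exported, or one not issued by the CA certificate you imported, and the keystore needs to be rebuilt from the current certificate. A host name mismatch error means the URL does not use the name in the certificate.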
