Prerequisites for configuring LDAP SSL

Role Required: SDAdmin

By default, LDAP communication between client and server applications is not encrypted, which leaves it exposed to network monitoring devices and software. AssetExplorer employs LDAP SSL to secure the communication between the AD server and the AssetExplorer server.

Prerequisites to configure LDAP SSL for AD server:
  1. Ensure the server FQDN (Fully Qualified Domain Name) is accessible from the client. Otherwise, add a host entry to the hosts file on the client machine.
  2. Active Directory Certificate Services must be installed to use an LDAP SSL certificate, as explained here.
  3. Enable your AD server to support LDAP over SSL. Click here to learn how.
  4. The LDAPS certificate imported to the AD server in the previous step must be fetched and imported to the client machine (AssetExplorer server) in the Personal folder, as explained below:
    1. Click Start, type mmc, and then click OK.
    2. Click File and then click Add/Remove Snap-in.
    3. Click Certificates and then click Add.
    4. In the Certificates snap-in, select Computer account and then click Next.
    5. On the Certificate Store page, right-click Personal > Import certificate, import the LDAP certificate from the copied folder, and provide the password set while creating the certificate.
  5. Import the Root CA certificate into Trusted Root Certification Authorities to allow your client machine to trust the imported LDAP certificate. This is vital because, by default, an imported LDAP certificate is not trusted across domains.
    1. Access the CA web console: https://<CA Server>/certsrv and provide Administrator credentials. If the URL is not accessible, install Certificate Enrollment Web Service as explained in this guide.
    2. In the console, click Download a CA certificate, certificate chain, or CRL.
    3. On the next page click Download CA certificate and save the certificate.
    4. Import the downloaded CA certificate to Trusted Root Certification Authorities as explained in the steps below:
      1. Click Start, type mmc, and then click OK.
      2. Click File and then click Add/Remove Snap-in.
      3. Click Certificates and then click Add.
      4. In the Certificates snap-in, select Computer account and then click Next.
      5. On the Certificate Store page, right-click Trusted Root Certification Authorities and import the above certificate.
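
The imports in steps 4 and 5 can also be scripted and then checked with a TLS handshake against the AD server. The PowerShell below is an added example, not part of the original guide or the product's own tooling; the host name, the file paths and the `Test-LdapsTrust` helper are assumptions, and 636 is the standard LDAPS port.

```powershell
#Requires -RunAsAdministrator
# Added example. Host name and file paths are placeholders (assumptions), not values from this guide.
$AdFqdn  = 'dc01.example.com'      # placeholder: FQDN of the AD server
$LdapPfx = 'C:\certs\ldaps.pfx'    # placeholder: LDAPS certificate copied from the AD server
$RootCer = 'C:\certs\rootca.cer'   # placeholder: CA certificate downloaded from the CA web console

# Step 4: import the LDAPS certificate into Computer account > Personal.
$pfxPassword = Read-Host -AsSecureString -Prompt 'Password set while creating the certificate'
Import-PfxCertificate -FilePath $LdapPfx -CertStoreLocation Cert:\LocalMachine\My -Password $pfxPassword | Out-Null

# Step 5: import the Root CA certificate into the machine's trusted root store.
Import-Certificate -FilePath $RootCer -CertStoreLocation Cert:\LocalMachine\Root | Out-Null

# Hypothetical helper: performs a TLS handshake with the AD server and reports
# whether Windows trusts the certificate it presents.
function Test-LdapsTrust {
    param([Parameter(Mandatory)][string]$HostName, [int]$Port = 636)
    $report = [ordered]@{
        Host = $HostName; Port = $Port; Trusted = $false
        Subject = $null; Issuer = $null; NotAfter = $null; Error = $null
    }
    $ssl = $null
    $tcp = [System.Net.Sockets.TcpClient]::new()
    try {
        $tcp.Connect($HostName, $Port)   # fails here if the FQDN does not resolve (step 1)
        $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false)
        # Default validation: the chain must end in a trusted root and the
        # certificate name must match $HostName, otherwise this call throws.
        $ssl.AuthenticateAsClient($HostName)
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($ssl.RemoteCertificate)
        $report.Trusted  = $true
        $report.Subject  = $cert.Subject
        $report.Issuer   = $cert.Issuer
        $report.NotAfter = $cert.NotAfter
    } catch {
        # Keep the underlying reason (name mismatch, untrusted root, refused connection).
        $report.Error = $_.Exception.GetBaseException().Message
    } finally {
        if ($ssl) { $ssl.Dispose() }
        $tcp.Dispose()
    }
    [pscustomobject]$report
}

Test-LdapsTrust -HostName $AdFqdn
```

If `Trusted` is `False`, the `Error` field shows whether the failure is name resolution (step 1) or certificate validation (step 5).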