Network Automation Practitioners Forum
Showing results for 
Search instead for 
Do you mean 

SSL Ldap integration for NA 9 (Network Automation 9)

Super Advisor

SSL Ldap integration for NA 9 (Network Automation 9)

[ Edited ]

Hi,

We are using NA 9.
We are trying to make SSL Ldap integration.
But we get the below error.

Failure connecting to server ldap11.xxxx.com: [simple bind failed: ldap11.xxxx.com:636]

We also tried to make not-ssl ldap over port 389. It is working. But SSL is not working. We uploaded the certificate to NA 9 server.

 

 

P.S. This thread has been moved from Network Management / (OpenView-NNM) Support and News Forum to Network Automation Support and News Forum. - Hp Forum Moderator

2 REPLIES
Super Advisor

Re: SSL Ldap integration for NA 9 (Network Automation 9)

Hi,

I found below error in logs.

Certificate contains unsupported critical extensions: [2.5.29.17]
Occasional Advisor

Re: SSL Ldap integration for NA 9 (Network Automation 9)

IMPLEMENTING:

1. At a Windows command prompt, go to:
<install directory>\jre\bin
2. Enter: keytool -import -file PATH_TO_THE_CERT_FILE -alias ADSCert -keystore ../../
server/ext/jboss/server/default/conf/truecontrol.keystore

The keystore password is “sentinel”

Replace the PATH_TO_THE_CERT_FILE with the absolute path of the HEB_RootCA_v2.cert and HEB_Infrastructure_CA_v1.cer files

3. Enter: keytool -import -file PATH_TO_THE_CERT_FILE -alias ADSCert -keystore ../../
server/ext/jboss/server/default/conf/truecontrol.truststore

The keystore password is “sentinel”

Replace the PATH_TO_THE_CERT_FILE with the absolute path of the HEB_RootCA_v2.cert and HEB_Infrastructure_CA_v1.cer files


4.Restart NA with the Services Applet (or /etc/init.d/truecontrol script on Solaris or
Linux). If you restart NA from the UI, the keystore changes will not be loaded.