OpenWGA 7.10 - OpenWGA Concepts and Features

Authentication » Authentication sources » Directory Server

Setting up SSL connection

You can configure OpenWGA to access an LDAP directory server on a secure SSL connection if your directory server supports it. It will encrypt the data transferred over the network to protect it from being sniffed.

You need some basic knowledge about SSL technology and the Java security mechanisms to understand this process.

The following conditions must be met:

  • A keystore file for CA certificates must be made available to the Java VM. It is set via this Java system property (passed to the VM as a -D option):

    -Djavax.net.ssl.trustStore=<filepath>

  • If the password of this keystore differs from the default "changeit", it must also be given to the VM as the Java system property javax.net.ssl.trustStorePassword.
  • The CAs in the keystore file must accept the SSL certificate of the directory server as valid. Therefore the SSL certificate of the server (or the CA certificate that issued it) must be imported into the keystore file. You can use the command line tool "keytool" for this, which is contained in every Java JDK distribution. Use this command syntax:

    keytool -import -file <certificate> -keystore <keystore-file>

    Some notes about this:
    • The default keystore of a Java VM is normally located in the VM subdirectory "lib/security/cacerts"
    • The default password for this default keystore is "changeit"

To configure OpenWGA to use SSL connections you must do the following:
  • Add the option "Directory Server Protocol" to the auth configuration and set it to "Secure LDAP (ldaps)"
  • Add the option "Directory Server Port" to the auth configuration and set it to the TCP/IP port where your LDAP server accepts SSL connections
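As an added example (not part of the OpenWGA documentation or product), the following Java program verifies the conditions above before the auth configuration is changed: it loads the keystore named by javax.net.ssl.trustStore with the configured password, lists the certificates it trusts, and then opens an LDAPS connection through JNDI so that a trust problem shows up as a TLS handshake error rather than as an opaque OpenWGA login failure. The host name, port and keystore path are assumptions.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.Enumeration;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;

// Example added to this page, not OpenWGA code. Checks the two conditions above:
// the CA keystore loads with the configured password and contains the server
// certificate, and a TLS handshake against the LDAPS port succeeds.
public class LdapsTrustCheck {
    public static void main(String[] args) throws Exception {
        // Same properties as in the text, normally passed to the VM as -D options;
        // the defaults mirror the VM's own default keystore and password.
        String trustStore = System.getProperty("javax.net.ssl.trustStore",
                System.getProperty("java.home") + "/lib/security/cacerts");
        String password = System.getProperty("javax.net.ssl.trustStorePassword", "changeit");
        // Assumed host and port for illustration; use your directory server's LDAPS port.
        String ldapsUrl = args.length > 0 ? args[0] : "ldaps://ldap.example.internal:636";

        // 1. Load the keystore (a wrong password fails here with an IOException)
        //    and list the certificate entries it trusts.
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream in = new FileInputStream(trustStore)) {
            ks.load(in, password.toCharArray());
        }
        for (Enumeration<String> aliases = ks.aliases(); aliases.hasMoreElements(); ) {
            String alias = aliases.nextElement();
            if (ks.isCertificateEntry(alias)) {
                X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
                System.out.println(alias + ": " + cert.getSubjectX500Principal());
            }
        }

        // 2. Open an LDAPS connection through JNDI. If the server certificate is not
        //    accepted by a CA in the keystore, this throws a CommunicationException
        //    wrapping an SSLHandshakeException; a rejected anonymous bind instead
        //    fails with a NamingException after the TLS handshake already succeeded.
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, ldapsUrl);
        env.put(Context.SECURITY_PROTOCOL, "ssl");
        DirContext ctx = new InitialDirContext(env);
        System.out.println("TLS handshake and bind succeeded for " + ldapsUrl);
        ctx.close();
    }
}
```

Run it with the same -Djavax.net.ssl.trustStore and -Djavax.net.ssl.trustStorePassword options you intend to give the OpenWGA VM, so the check exercises exactly the keystore OpenWGA will use.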