Importing the secure LDAP certificate using the web administration portal

Last Updated: Jun 10, 2026

About this task

For secure connectivity to LDAP servers, you must import an LDAP certificate file to the Tomcat trust store. The following procedure describes how to import the LDAP certificate using the Avaya Aura® Web Gateway web administration portal.

You cannot import an LDAP certificate if:

  • The certificate contains an unsupported critical extension.

  • The certificate has expired.

  • The start date of the certificate is in the future.

Avaya Aura® Web Gateway displays a warning message if a certificate cannot be imported.

Before you begin

  • Ensure that the FQDN that is configured as the address of the LDAP source is defined in one of the following places:

    • The Common Name in the Subject field.

    • Subject Alternative Name.

  • If you want to use LDAP discovery using DNS SRV records, ensure that the Subject Alternative Name of the certificate contains FQDNs of all LDAP server instances that must be discoverable.

You can use the following openssl command in the Avaya Aura® Web Gateway CLI to verify the certificate content:
openssl s_client -connect <ldap server:port> | openssl x509 -noout -text
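
The import restrictions and the FQDN prerequisites above can be checked against a saved PEM copy of the LDAP certificate before you open the portal. The following script is an added example, not an Avaya tool; the function names, the example.com host names, GNU date, and OpenSSL 1.1.1 or later are assumptions.

```shell
#!/bin/sh
# Pre-import check for an LDAP server certificate saved as a PEM file.
# Usage: check_ldap_cert <cert.pem> <fqdn> [<fqdn> ...]
# Returns 0 only if the validity window is current and every FQDN is named.
check_ldap_cert() {
    cert=$1; shift; rc=0

    # Expired certificates are refused: -checkend 0 exits non-zero once notAfter has passed.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null ||
        { echo "FAIL: certificate has expired"; rc=1; }

    # A start date in the future is refused. Assumes GNU date for parsing.
    start=$(openssl x509 -in "$cert" -noout -startdate | cut -d= -f2)
    [ "$(date -d "$start" +%s)" -le "$(date +%s)" ] ||
        { echo "FAIL: start date is in the future ($start)"; rc=1; }

    # Collect the Subject Common Name and every DNS entry of the Subject Alternative Name.
    names=$(
        openssl x509 -in "$cert" -noout -subject -nameopt multiline |
            sed -n 's/^ *commonName *= *//p'
        openssl x509 -in "$cert" -noout -ext subjectAltName 2>/dev/null |
            tr ',' '\n' | sed -n 's/^ *DNS://p'
    )

    # The configured LDAP address, and every server discoverable through DNS SRV,
    # must be present (exact, case-insensitive match; wildcards are not expanded).
    for fqdn in "$@"; do
        printf '%s\n' "$names" | grep -qixF -- "$fqdn" ||
            { echo "FAIL: $fqdn is not in the CN or SAN"; rc=1; }
    done

    # The page does not list which critical extensions are unsupported,
    # so print the critical ones for manual review instead of judging them.
    openssl x509 -in "$cert" -noout -text | grep 'critical' | sed 's/^ */NOTE: /'
    return $rc
}

# Constructed sample: throwaway self-signed certificate naming two example.com hosts.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -keyout "$1.key" -out "$1" \
        -subj "/CN=ldap1.example.com" \
        -addext "subjectAltName=DNS:ldap1.example.com,DNS:ldap2.example.com" 2>/dev/null
}
```

To check a live server, save the output of the s_client command above through `openssl x509 -outform PEM` into a file and pass that file with the FQDNs the gateway will use.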

Procedure

  1. On the Avaya Aura® Web Gateway web administration portal, navigate to General Network Settings > LDAP Configuration.
  2. Select the Secure LDAP check box.
  3. Click Import Certificate.
  4. In the Import Certificate window, click Choose File and select the certificate from your computer.
  5. Click Save.

    Avaya Aura® Web Gateway uploads the certificate to a secure LDAP Server. If a certificate is already uploaded, Avaya Aura® Web Gateway overwrites the existing certificate.