Obtaining LDAP Server Certificate

Last Updated: Jun 05, 2026

About this task

Use this procedure to obtain the LDAP server certificate and configure Keycloak to use secure LDAP.

Before you begin

Use openssl to export the LDAP server's certificate by running the following commands:

echo | openssl s_client -connect <LDAP FQDN>:636 -showcerts

echo | openssl s_client -connect ldap.example.com:636 -showcerts

Example:

The following command displays the LDAP server's certificate:

echo | openssl s_client -connect asewinsrvdc.aseteam.ch:636 -showcerts

  • When the certificate is displayed, copy the certificate along with the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines to a file. For example: ldap-server.crt.
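The export and copy steps above can be scripted. The following is an added example, not part of the original documentation: it saves the first certificate block in the s_client output (the server's own certificate) and prints its subject, issuer, expiry date and SHA-256 fingerprint so the file can be checked before it is imported. The function names and the constructed sample output are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page). Function names are hypothetical.

# Print only the first PEM block read from stdin. With -showcerts the server's
# own certificate is listed first, followed by any issuer certificates it sends.
extract_first_cert() {
    awk '/-----BEGIN CERTIFICATE-----/ { inside = 1 }
         inside { print }
         inside && /-----END CERTIFICATE-----/ { exit }'
}

# Count how many certificates the server presented.
count_certs() {
    awk '/-----BEGIN CERTIFICATE-----/ { n++ } END { print n + 0 }'
}

# Constructed sample of s_client output (placeholder bodies, not real
# certificates), used only to exercise the parsing offline.
constructed_sample() {
    cat <<'EOF'
Certificate chain
 0 s:CN = ldap.example.com
-----BEGIN CERTIFICATE-----
LEAF-PLACEHOLDER-NOT-A-REAL-CERTIFICATE
-----END CERTIFICATE-----
 1 s:CN = Example Issuing CA
-----BEGIN CERTIFICATE-----
ISSUER-PLACEHOLDER-NOT-A-REAL-CERTIFICATE
-----END CERTIFICATE-----
EOF
}

# Fetch the certificate from <host>:636 and write it to a file.
save_ldap_cert() {
    host=$1
    out=${2:-ldap-server.crt}
    raw=$(echo | openssl s_client -connect "$host:636" -showcerts 2>/dev/null)
    printf '%s\n' "$raw" | extract_first_cert > "$out"
    [ -s "$out" ] || { echo "no certificate received from $host:636" >&2; return 1; }
    echo "server presented $(printf '%s\n' "$raw" | count_certs) certificate(s)"
    # s_client does not authenticate the peer here, so compare these values
    # with what the LDAP administrator expects before trusting the file.
    openssl x509 -in "$out" -noout -subject -issuer -enddate -fingerprint -sha256
}

# Usage: sh get-ldap-cert.sh ldap.example.com [ldap-server.crt]
if [ "$#" -ge 1 ]; then save_ldap_cert "$@"; fi
```
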

Next Steps

Importing the Certificate into the Keycloak Truststore