The SSL configuration used by outbound LDAP requests is set up
by default. You can change two aspects of it:
- SSL configuration. You need to do this if your LDAP server cannot
communicate with Build Forge using the default protocol or handshake.
- Keystore configuration. Strict SSL requires that you place a signer
certificate in the truststore used by the client (Build Forge) to
communicate securely with the LDAP server. If you want to use a different
truststore or place it in a different location, you need to create
a new keystore configuration in Build Forge for the truststore.
These instructions assume that you have already enabled secure
LDAPS for Build Forge and that you have not enabled SSL for Build
Forge components.
To change the LDAPS SSL configuration, do the following:
- If you are changing the location or name of the truststore, place
it on the Build Forge host in the desired location. Add the LDAP server's
signer certificate to it.
- Create a truststore configuration in if needed. The truststore configuration includes properties
for the location and name of the truststore.
- Create an SSL configuration in if
needed. Configure it to use the new truststore configuration (if you
created one). Make other adjustments to the configuration as needed.
- In , set SSL Enabled to Yes if it
is not already set. Additional fields appear.
- Select the SSL configuration you created in the Outbound
LDAP list. Do not change the other settings.
- Click Save.
- Click Update Master BFClient.conf.
- If SSL was not enabled before, do the following:
  - Set SSL Enabled to No.
  - Click Save.
  - Click Update Master BFClient.conf.
- Restart Build Forge.
- In , select your LDAP configuration.
- Click Test Connection.
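Before clicking Test Connection, you can confirm that the truststore really contains the signer of the LDAP server's certificate. The script below is an added example, not part of the Build Forge documentation. It assumes the truststore and the server certificate are available as PEM files, and every file name and certificate subject in it is constructed for the demonstration.

```shell
#!/bin/sh
# Added example: check that a PEM truststore holds the signer of the LDAP
# server's certificate. All names, subjects and files are constructed.

# Build a throwaway lab PKI in directory $1: the LDAP server's signer (ca.pem),
# an unrelated CA (other.pem), and a server certificate issued by the signer.
make_lab_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Lab LDAP Signer" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Unrelated CA" \
        -keyout "$d/other.key" -out "$d/other.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=ldap.example.test" \
        -keyout "$d/ldap.key" -out "$d/ldap.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/ldap.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/ldap.pem" 2>/dev/null
}

# Succeed only if server certificate $2 chains to a certificate in truststore $1.
# -CApath points at an empty directory so system CAs cannot satisfy the check.
truststore_has_signer() {
    empty=$(mktemp -d) || return 2
    openssl verify -CAfile "$1" -CApath "$empty" "$2" >/dev/null 2>&1
    rc=$?
    rmdir "$empty"
    return $rc
}

# Demo on constructed data: the check fails while the truststore holds only
# an unrelated CA and passes once the LDAP server's signer is appended.
lab=$(mktemp -d) && make_lab_pki "$lab" && cp "$lab/other.pem" "$lab/trust.pem"
truststore_has_signer "$lab/trust.pem" "$lab/ldap.pem" || echo "signer missing"
cat "$lab/ca.pem" >> "$lab/trust.pem"
truststore_has_signer "$lab/trust.pem" "$lab/ldap.pem" && echo "signer present"
```

A failing check here corresponds to the strict SSL handshake failure you would otherwise only see at Test Connection.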