Changing LDAPS SSL configuration

The SSL configuration used by outbound LDAP requests is set up by default. You can change two aspects of it:

These instructions assume that you have already enabled secure LDAPS for Build Forge and that you have not enabled SSL for Build Forge components.

To change the LDAPS SSL configuration, do the following:
  1. If you are changing the location or name of the truststore, place it on the Build Forge host in the desired location. Add the LDAP server's signer certificate to it.
  2. Create a truststore configuration in Administration > Security > Keystore if needed. The truststore configuration includes properties for the location and name of the truststore.
  3. Create an SSL configuration in Administration > Security > SSL if needed. Configure it to use the new truststore configuration (if you created one). Make other adjustments to the configuration as needed.
  4. In Administration > Security, set SSL Enabled to Yes if it is not already set. Additional fields appear.
  5. Select the SSL configuration you created in the Outbound LDAP list. Do not change the other settings.
  6. Click Save.
  7. Click Update Master BFClient.conf.
  8. If SSL was not enabled before, do the following:
    1. Click SSL Enabled to No.
    2. Click Save.
    3. Click Update Master BFClient.conf.
  9. Restart Build Forge.
  10. In Administration > LDAP, select your LDAP configuration.
  11. Click Test Connection.

Feedback