E1 LDAPS Configuration

Jeremy M.

Well Known Member
Has anyone configured E1 for LDAPS authentication? I'm attempting to switch from LDAP authentication to LDAPS and I am not having much luck. We use self-signed certificates. The steps to use SSL with LDAP are presented in the Security Administration Guide - http://docs.oracle.com/cd/E53430_01/EOTSC/E53542-08.pdf

You can find below an extract:
=============EXTRACT=================

14.5.1.1 LDAP Authentication Over SSL/TLS for Windows and UNIX
The EnterpriseOne server uses Netscape's certificate database, cert7.db. You can obtain a cert7.db using the PKCS Utilities distributed by Netscape. Refer to Netscape's documentation for more information on obtaining and using the PKCS Utilities.
For Windows and UNIX, establishing the secure connection between the EnterpriseOne application server and the LDAP server requires these items:

■ Cert7.db certificate database from Netscape.
■ A server certificate for the LDAP server.
■ The trusted root certificate from the certificate authority (CA) that issues the server certificate.
...

14.5.2 Enabling LDAP Authentication Over SSL/TLS for Windows and UNIX

To enable LDAP authentication over SSL for Windows or UNIX:

1. Follow the documentation for your directory server to add the server certificate to the directory server.
2. Using Netscape's PKCS Utilities, add the CA's trusted root certificate to the cert7.db certificate database.
3. Enable SSL for the LDAP configuration using the LDAP Server Configuration Workbench application.
4. Specify the SSL/TLS parameters.
   See Configuring the LDAP Server Settings.
5. Restart the EnterpriseOne server.
...
14.2.6 Configuring the LDAP Server Settings

Dir path for cert7.db (SSL/TLS)

For Windows and UNIX: This specifies the directory path to the cert7.db file (SSL/TLS). This file should generally be located in the system\bin32 directory on the Enterprise Server.
===============END===================


I didn't even know Netscape was still around... does anyone have more information on how to create the cert7.db??
 

Jeremy M.

Well Known Member
Thanks, I had found that blog but still wasn't able to get it to work. Oracle Support finally told me that SHA1 is required. I don't understand how this feature has not been updated in decades. Here is the bug information if anyone else is interested:

Bug 20895820 : LDAP OVER SSL USING 2048 BITS
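
An added example, not part of the posts above or of Oracle's documentation: a shell helper that reports the signature algorithm and public key size of each certificate in a PEM bundle, so the server certificate and CA root can be compared against the SHA1 requirement and the 2048-bit key size mentioned in the reply before they are loaded into cert7.db. It assumes the `openssl` command-line tool is installed; the function names and file arguments are hypothetical.

```shell
#!/bin/sh
# Added example: report signature algorithm and key size per certificate.
# Function names and file arguments are hypothetical; requires the openssl CLI.

# cert_profile FILE -> "<signature algorithm> <public key bits>" for the
# first certificate found in a PEM file.
cert_profile() {
    text=$(openssl x509 -in "$1" -noout -text 2>/dev/null) || return 1
    sig=$(printf '%s\n' "$text" | sed -n 's/^ *Signature Algorithm: *//p' | head -n 1)
    bits=$(printf '%s\n' "$text" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n 1)
    printf '%s %s\n' "$sig" "$bits"
}

# is_sha1_sig NAME -> exit 0 when an OpenSSL signature algorithm name uses SHA-1.
is_sha1_sig() {
    case "$1" in
        sha1With*|ecdsa-with-SHA1|dsaWithSHA1) return 0 ;;
        *) return 1 ;;
    esac
}

# chain_profile BUNDLE -> one cert_profile line per certificate in a PEM
# bundle (server certificate followed by its CA certificates).
chain_profile() {
    dir=$(mktemp -d) || return 1
    # Split the bundle: every BEGIN CERTIFICATE line starts a new file.
    awk -v d="$dir" '/-----BEGIN CERTIFICATE-----/ { n++ }
        n { print > (d "/cert" n ".pem") }' "$1"
    for f in "$dir"/cert*.pem; do
        if [ -f "$f" ]; then
            cert_profile "$f"
        fi
    done
    rm -rf "$dir"
}
```

To check what a directory server actually presents, save the output of `openssl s_client -connect <ldap-host>:636 -showcerts </dev/null` to a file and pass that file to `chain_profile`; `<ldap-host>` is a placeholder.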
 