How to set up LDAPS (Lightweight Directory Access Protocol over Secure Sockets Layer) with X3


In previous posts I talked about how to set up LDAP and how to set up Automatic Sync for LDAP.


Starting with Product update 8, the LDAP entity in X3 was enhanced to support SSL. SSL secures the communication between the X3 server and your LDAP server, which certain configurations may require.

Before we start, I encourage you to read the Microsoft article LDAP over SSL (LDAPS) Certificate, which discusses why you should turn on LDAPS and how you can generate a CA certificate that is then imported into your Active Directory.

In this example I already have a Microsoft Active Directory set up, and I have followed the above article to generate a CA certificate and import it into my Active Directory. The Certificates snap-in therefore shows the CA certificate below, which is used with my Active Directory.



Follow the steps below to export your CA certificate and import it into X3.

  1. Right-click your CA certificate, choose All Tasks and select Export...




  2. Click Next.
  3. Keep the selection "No, do not export the private key".

  4. Select Base-64 encoded X.509 (.CER) for the output format and click Next.



  5. Use the Browse button to point to a folder, enter a name for your exported certificate and click Next.



  6. Click Finish.
  7. This will export your CA certificate.
  8. Now in X3, open Administration, Administration, Certificates, Certificate of certification authorities.
  9. Click New CA certificate.
  10. Enter a name and use Select file to upload to X3 the CA certificate you exported from your Active Directory.



  11. Click Save.
  12. Open Administration, Administration, Settings, Authentication, LDAP servers. 
  13. Modify the existing LDAP record you created before.
  14. Add the CA certificate you created and change the URL to ldaps with the proper server name and port.



  15. Click Save.
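
Before saving the LDAP record, the exported file from step 4 and the URL from step 14 can be sanity-checked. This is an added example, not part of the original post or of X3: it checks that the file is a Base-64 certificate without a private key and that the URL uses ldaps. The function names, the sample certificate text and the host name used to test it are assumptions, and `probe` needs network access to your LDAP server.

```python
import base64
import re
import socket
import ssl
from urllib.parse import urlsplit

CERT_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

# Constructed sample, not a real certificate: the body only decodes to bytes
# that start with the DER SEQUENCE tag (0x30).
SAMPLE_PEM = "-----BEGIN CERTIFICATE-----\nMIIBAAAA\n-----END CERTIFICATE-----\n"


def check_exported_ca(text):
    """Return problems found in the exported CA file text (empty list = OK)."""
    problems = []
    if "PRIVATE KEY-----" in text:
        problems.append("file contains a private key; export without it")
    match = CERT_RE.search(text)
    if match is None:
        problems.append("no Base-64 (PEM) certificate block found")
        return problems
    try:
        der = base64.b64decode("".join(match.group(1).split()), validate=True)
    except ValueError:
        der = b""
    if not der.startswith(b"\x30"):
        problems.append("certificate body does not decode to DER")
    return problems


def check_ldaps_url(url):
    """Return (problems, host, port); port defaults to 636, the standard LDAPS port."""
    parts = urlsplit(url)
    problems = []
    if parts.scheme != "ldaps":
        problems.append("scheme is %r, expected 'ldaps'" % parts.scheme)
    if not parts.hostname:
        problems.append("server name is missing")
    return problems, parts.hostname, parts.port or 636


def probe(url, ca_file):
    """TLS handshake trusting only ca_file; raises ssl.SSLError if the chain
    or the server name does not verify. Needs network access to the server."""
    _, host, port = check_ldaps_url(url)
    context = ssl.create_default_context(cafile=ca_file)
    with socket.create_connection((host, port), timeout=5) as raw:
        with context.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version()
```

Because `probe` verifies the host name as well as the chain, the server name in the ldaps URL has to match a name in the certificate the LDAP server presents.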

Conclusion: The above was a simple example of how you can use your CA certificate in X3 to secure the connection between the X3 server and the LDAP server.