Adding LDAP or SMTP SSL certificate to the list of trusted certificates on the Cryptshare server

Adding LDAP or SMTP SSL certificate to the list of trusted certificates on the Cryptshare server


Applies to:

All versions of Cryptshare Server

Symptom:

The connection to LDAP cannot be established using SecureLDAP or connection to SMTP Host cannot be established using secure connection

Cause:

Usually a self-signed SSL certificate is installed on LDAP or SMTP server, which cannot be trusted by Java

Solution:

Method 1) Using the Windows GUI:

The simplest way to install certificates is to download and install a program called Keystore Explorer to import your certificate into the keystore. The default password for the keystore is "changeit"

Method 2) Using the Command Line:

Import the LDAP or SMTP SSL certificate to Java keystore of Cryptshare Installation Linux Server

  • copy the SSL certificate in x.509 format (.cer, .crt, .pem) to the folder /root
  • log in as root on the appliance
  • change into Java folder and change the permissions for keytool
cd /opt/cryptshare-3/jre/bin/
chmod +x keytool
  • import the SSL certificate
./keytool -import -trustcacerts -keystore ../lib/security/cacerts -alias <sitename> -file <SSL Certificate>

where <alias> is the name of LDAP or SMTP server and <SSL Certificate> is the certificate inclusive the path, e.g.  /root/LDAP-SSL-certificate.crt or /root/SMTP-SSL-certificate.crt The default password for the JAVA certificate storage  is changeit

  • restart Cryptshare service
systemctl restart cryptshare (use rccryptshare restart up to and including v.7.1)

Windows Server

  • copy the SSL certificate in x.509 format (.cer, .crt, .pem) to the server
  • open command line
  • change into Cryptshare Java folder
cd <Cryptshare installation folder>\jre\bin
  • import the SSL certificate
keytool.exe -import -trustcacerts -keystore ..\lib\security\cacerts -alias <sitename> -file <SSL Certificate>

where <alias> is the name of LDAP server and <SSL Certificate> is the certificate inclusive the path, e.g.  <User Desktop>\LDAP-SSL-certificate.crt or <User Desktop>\SMTP-SSL-certificate.crt The default password for the JAVA certificate storage  is changeit

  • restart Cryptshare service

Now the SecureLDAP connection should work fine.


    • Related Articles

    • Installation of an existing SSL certificate (e.g. wildcard SSL certificate)

      Applies to: All versions of Cryptshare Server Purpose: This article describes how to install an already existing SSL certificate (e.g. wildcard SSL certificate) to your Cryptshare Server Solution: 1. Create new Java-Keystore with KeyStore Explorer 2. ...

    • The requested public SSL certificate cannot be imported

      Applies to All versions of Cryptshare Server Symptom The requested SSL certificate cannot be imported into the keystore with the following error: English: Could not establish trust for the CA Reply. German: Vertrauenskette für die CA Antwort konnte ...

    • SMTP Auth BasicOAuth

      Applies To: All versions of Cryptshare Server Problem Microsoft will disable Basic Authentication in Office365 / Exchange Online in October 2022. Cryptshare is using SMTP Auth, so what does that mean to our customers? Solution/Workaround Cryptshare ...

    • Configuring MS Exchange Online as SMTP relay for Cryptshare

      Inhaltsverzeichnis 1 Applies to: 2 Purpose: 3 Solution: 3.1 Create a Connector to allow relaying 3.2 Check your DNS-Records Applies to: All versions of Cryptshare Server Purpose: If you are using Microsoft Office 365 and your mail server is cloud ...

    • Migrating Cryptshare

      Applies to: All versions of Cryptshare Server Purpose: This article guides you through a Cryptshare Server migration. Solution: Be sure that your Cryptshare Server is running at least version 4.3.0 before proceeding. If not, please update as ...