FME Flow: 2025.0
Importing a CA-Signed Certificate for LDAPS Connections
To authenticate LDAP over SSL (LDAPS) connections using a CA-signed certificate, import the certificate and instruct FME Flow to add it to the list of trusted certificates.
1. Make a backup of the cacerts file that contains the current list of trusted Certificate Authorities. This file is located in:
   <FMEFlowDir>/Utilities/jre/lib/security/cacerts
2. From your domain administrator, obtain your DC host’s certificate and any intermediary and root CA files in the certificate chain as individual .cer files. You can also use a wildcard certificate instead of the specific DC host’s certificate.
3. Import the DC server-level certificate to the cacerts keystore file:
   - Linux: Open the command terminal and issue the following commands:
     cd <FMEFlowDir>/Utilities/jre/bin
     keytool -import -trustcacerts -alias <cert-alias> -file <cer-file> -keystore "<FMEFlowDir>/Utilities/jre/lib/security/cacerts"
   - Windows: Launch cmd.exe and issue the following commands:
     cd <FMEFlowDir>\Utilities\jre\bin
     keytool -import -trustcacerts -alias <cert-alias> -file <cer-file> -keystore "<FMEFlowDir>\Utilities\jre\lib\security\cacerts"
   When prompted for the keystore password, the default is changeit.
   When prompted to trust the certificate, answer yes.
   Where:
   - <cert-alias> is the custom alias for the certificate, used to easily identify the certificate in the list of certificates. It can be any unique name.
   - <cer-file> is the full path to the .cer files.
   - <FMEFlowDir> is the FME Flow installation directory.
4. Repeat step 3 for the root and any intermediary certificate, where applicable.
5. Restart FME Flow.
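The Linux procedure above as one shell function, given here as an added example and not as a script shipped with FME Flow: it takes the backup, prints each certificate's fingerprints for comparison with the values from the domain administrator, imports the chain, confirms each alias is present, and restores the backup if any step fails. The `KEYTOOL` override variable, the function name and the paths in the usage comment are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not vendor code. Assumes the directory layout given on this page.
# KEYTOOL is a hypothetical override for the keytool path (useful for dry runs).
# Usage: import_ldaps_chain <FMEFlowDir> <cert-alias>=<cer-file> [...]
#   e.g. import_ldaps_chain /opt/fmeflow dc-host=/tmp/dc.cer corp-root=/tmp/root.cer
#   (constructed paths and aliases)
import_ldaps_chain() {
    fme_dir=$1
    [ "$#" -ge 2 ] || { echo "usage: import_ldaps_chain <FMEFlowDir> <alias>=<cer-file>..." >&2; return 1; }
    shift
    keystore="$fme_dir/Utilities/jre/lib/security/cacerts"
    keytool="${KEYTOOL:-$fme_dir/Utilities/jre/bin/keytool}"
    [ -f "$keystore" ] || { echo "keystore not found: $keystore" >&2; return 1; }

    # Validate every argument before the keystore is touched.
    for pair in "$@"; do
        cer_file=${pair#*=}
        [ "$pair" != "$cer_file" ] && [ -n "${pair%%=*}" ] && [ -r "$cer_file" ] ||
            { echo "not <alias>=<readable file>: $pair" >&2; return 1; }
    done

    # Step 1: back up cacerts under a unique name; stop if the copy fails.
    backup=$(mktemp "$keystore.bak.XXXXXX") || return 1
    cp -p "$keystore" "$backup" || return 1
    echo "backup written to $backup" >&2

    for pair in "$@"; do
        cert_alias=${pair%%=*}
        cer_file=${pair#*=}
        # Print owner, issuer and fingerprints for comparison with the values
        # the domain administrator supplied, then import (steps 3 and 4).
        # keytool itself prompts for the keystore password and the trust answer.
        "$keytool" -printcert -file "$cer_file" &&
        "$keytool" -import -trustcacerts -alias "$cert_alias" \
            -file "$cer_file" -keystore "$keystore" &&
        "$keytool" -list -alias "$cert_alias" -keystore "$keystore" || {
            echo "failed on $cert_alias; restoring $backup" >&2
            cp -p "$backup" "$keystore"
            return 1
        }
    done
}
```

The final `-list` check also catches a certificate that was declined at the trust prompt, since its alias will not be in the keystore. FME Flow still has to be restarted afterwards, as in the last step.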