Configuring TLS/SSL with external authentication

Edge for Private Cloud v4.18.01

This section explains how to configure SSL for the external authorization server. For general information, see TLS/SSL.

  1. Install the external LDAP Certificate Services.
  2. Obtain the Server Certificate.
    For example: certutil -ca.cert client.crt
  3. Change to your latest Java version home directory:
    > cd /usr/java/latest
  4. Import the Server Certificate. For example:
    sudo ./bin/keytool -import -keystore ./jre/lib/security/cacerts -file <FULLY-QUALIFIED-PATH-TO-THE-CERT-FILE> -alias <CERT-ALIAS>

    Where <CERT-ALIAS> is optional, but recommended. Replace <CERT-ALIAS> with a text name that you can use later to refer to the certificate, for example if you want to delete it.

    Note: The default keystore password used by Java is ‘changeit’. If it has already been changed, ask your system administrator for the keystore password so that you can add your certificate.
  5. Open /opt/apigee/customer/application/management-server.properties in a text editor.
  6. Change the conf_security_externalized.authentication.server.url property value as follows:
    Old Value : ldap://localhost:389
    New Value : ldaps://localhost:636
  7. Restart the Management Server:
    > /opt/apigee/apigee-service/bin/apigee-service edge-management-server restart
  8. Verify that the server is running:
    > /opt/apigee/apigee-service/bin/apigee-all status
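
The following script is an added example, not part of the Apigee documentation or tooling. It checks the results of steps 4 and 6 before the restart: that the URL property now uses ldaps:// and that the imported alias is in the Java trust store. The script name check-ldaps.sh, the function names and the assumption that the properties file uses Java-style key=value lines are hypothetical; the paths are the ones given in the steps above.

```shell
#!/bin/sh
# Added example (not Apigee code): checks for steps 4 and 6 above.
# Assumption: the properties file uses Java-style "key=value" lines.
PROP_KEY='conf_security_externalized.authentication.server.url'
PROPS=/opt/apigee/customer/application/management-server.properties
JAVA_DIR=/usr/java/latest

# Print the effective value of the URL property: comment lines are skipped
# and, as in Java properties files, the last assignment wins.
ldap_url() {
  awk -v key="$PROP_KEY" '
    { sub(/^[ \t]+/, "") }
    /^[#!]/ { next }
    index($0, key) == 1 {
      rest = substr($0, length(key) + 1)
      if (sub(/^[ \t]*[=:][ \t]*/, "", rest)) {
        sub(/[ \t\r]+$/, "", rest)
        val = rest
      }
    }
    END { print val }' "$1"
}

# Exit status: 0 = ldaps://, 1 = cleartext ldap://, 2 = missing or other.
check_ldaps() {
  url=$(ldap_url "$1")
  case "$url" in
    ldaps://*) echo "OK: $url"; return 0 ;;
    ldap://*)  echo "FAIL: cleartext LDAP still configured: $url"; return 1 ;;
    *)         echo "FAIL: property missing or unrecognized: '$url'"; return 2 ;;
  esac
}

# List one alias from the Java trust store used in step 4. keytool prompts
# for the keystore password and fails if the alias is absent; compare the
# fingerprint it prints with the certificate you obtained in step 2.
check_alias() {
  "$JAVA_DIR/bin/keytool" -list \
    -keystore "$JAVA_DIR/jre/lib/security/cacerts" -alias "$1"
}

# Usage: sudo sh check-ldaps.sh --check <CERT-ALIAS>
if [ "${1:-}" = "--check" ]; then
  check_ldaps "$PROPS" && check_alias "$2"
fi
```

A non-zero exit status means the Management Server would still bind over cleartext LDAP, or would reject the LDAPS certificate as untrusted after the restart.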

Testing the installation

See the testing section at the end of Enabling external authentication, and perform the same test described there.