Configuring TLS/SSL with external authentication

This section explains how to configure SSL for the external authorization server. For general information, see TLS/SSL.

  1. Install the external LDAP Certificate Services.
  2. Obtain the Server Certificate. For example:
    certutil -ca.cert client.crt
  3. Change to your latest Java version home directory:
    cd /usr/java/latest
  4. Import the Server Certificate. For example:
    sudo ./bin/keytool -import -keystore ./jre/lib/security/cacerts -file FULLY-QUALIFIED-PATH-TO-THE-CERT-FILE -alias CERT-ALIAS

    Where CERT-ALIAS is optional, but recommended. Replace CERT-ALIAS with a text name that you can use later to refer to the certificate, for example if you want to delete it.

  5. Open /opt/apigee/customer/application/management-server.properties in a text editor.
  6. Change the conf_security_externalized.authentication.server.url property value as follows:
    • Old Value: ldap://localhost:389
    • New Value: ldaps://localhost:636
  7. Restart the Management Server:
    /opt/apigee/apigee-service/bin/apigee-service edge-management-server restart
  8. Verify that the server is running:
    /opt/apigee/apigee-service/bin/apigee-all status

Testing the installation

See the testing section at the end of Enabling external authentication, and perform the same test described there.