Configuring TLS/SSL with external authentication

This section explains how to configure SSL for the external authorization server. For general information, see TLS/SSL.

Install the external LDAP Certificate Services.
Obtain the Server Certificate. For example:
```
certutil -ca.cert client.crt
```
Change to your latest Java version home directory:
```
cd /usr/java/latest
```
Import the Server Certificate. For example:
```
sudo ./bin/keytool -import -keystore ./jre/lib/security/cacerts -file FULLY-QUALIFIED-PATH-TO-THE-CERT-FILE -alias CERT-ALIAS
```
Where CERT-ALIAS is optional, but recommended. Replace CERT-ALIAS with a text name that you can use later to refer to the certificate, for example if you want to delete it.

Note: The Default Keystore password used by Java is changeit. If this has been changed already you will need to get your sysadmin to provide the keystore password so you add your certificate.
Open /opt/apigee/customer/application/management-server.properties in a text editor.
Change the conf_security_externalized.authentication.server.url property value as follows:
- Old Value: ldap://localhost:389
- New Value: ldaps://localhost:636

Restart the Management Server:

/opt/apigee/apigee-service/bin/apigee-service edge-management-server restart

Verify that the server is running:

/opt/apigee/apigee-service/bin/apigee-all status

Testing the installation

See the testing section at the end of Enabling external authentication, and perform the same test described there.