
Import certificates to DPA for directory service integration

Created by Anthony.Rinaldi, last modified by Anthony.Rinaldi on Feb 01, 2017


Updated July 5, 2016

Overview

You can configure DPA with your company's directory service by clicking Options > Administration > Configure AD/LDAP.

If you configure DPA to communicate over SSL with the AD/LDAP server, and the certificate provided by the server is not trusted by DPA, the configuration wizard offers to import the root certificate authority (CA) certificate or the server certificate as trusted:

  • The root CA certificate is the trust anchor of the trust chain provided by a server. If you import the root CA certificate as trusted, DPA trusts every server certificate whose trust chain is rooted at that root CA certificate.
  • The server certificate is the certificate of the AD/LDAP server that DPA is connecting to. The certificate may be self-signed or at the bottom of a trust chain that consists of multiple certificates.

Import the root CA certificate if you have multiple AD/LDAP servers in your domain and DPA is configured to connect to the domain rather than to a specific server. If you import the server certificate in this scenario, DPA can only establish SSL connections with one of your LDAP servers, so subsequent logins to DPA with LDAP accounts may seem to fail intermittently.
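The difference between the two choices can be reproduced offline with the openssl command line. The following is an added example, not part of the original article and not DPA's own code. It assumes a constructed lab PKI (the names "Lab Root CA", dc1.lab.example and dc2.lab.example are made up) and uses openssl verify -partial_chain to model a trust store that holds a directly imported server certificate.

```shell
#!/usr/bin/env bash
# Added example with a constructed lab PKI; all names and files are made up.
set -eu
lab=$(mktemp -d)
trap 'rm -rf "$lab"' EXIT

# Build one root CA and two directory-server certificates issued by it.
make_pki() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Lab Root CA" \
    -keyout "$lab/root.key" -out "$lab/root.pem" 2>/dev/null
  for dc in dc1 dc2; do
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$dc.lab.example" \
      -keyout "$lab/$dc.key" -out "$lab/$dc.csr" 2>/dev/null
    openssl x509 -req -in "$lab/$dc.csr" -CA "$lab/root.pem" -CAkey "$lab/root.key" \
      -CAcreateserial -days 1 -out "$lab/$dc.pem" 2>/dev/null
  done
}

# trusted ANCHOR CERT: true if CERT validates when ANCHOR is the only trusted entry.
# -partial_chain lets a non-root certificate act as the anchor, which models
# importing a server certificate directly as trusted (an assumption of this example).
trusted() {
  openssl verify -partial_chain -CAfile "$1" "$2" >/dev/null 2>&1
}

# count_trusted ANCHOR: how many of the two servers a client trusting ANCHOR accepts.
count_trusted() {
  n=0
  for dc in dc1 dc2; do
    if trusted "$1" "$lab/$dc.pem"; then n=$((n + 1)); fi
  done
  echo "$n"
}

make_pki
echo "trusting root CA : $(count_trusted "$lab/root.pem") of 2 servers accepted"
echo "trusting dc1 only: $(count_trusted "$lab/dc1.pem") of 2 servers accepted"
```

With only dc1's certificate trusted, a connection that the domain name happens to route to dc2 fails validation, which is the intermittent login failure described above.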

Environment

  • DPA 10.2 and later

Detail

Obtain the root CA certificate

DPA attempts to resolve the root CA certificate by analyzing certificates provided in the SSL handshake with the AD/LDAP server. If the root CA certificate is not present, DPA issues an LDAP query to the LDAP server using the credentials specified in the wizard. The query searches for objects with the CACertificate attribute.

You can configure the query parameters with the following properties in the <DPA_dir>/iwc/tomcat/webapps/iwc/WEB-INF/classes/properties/idc-security.properties file:

  • com.confio.security.ldap.certificates.search.baseDns
  • com.confio.security.ldap.certificates.search.filter

You must restart DPA for the new property values to take effect.

Import the certificates manually

You can import certificates manually into the custom DPA trust store. See these articles for more information:

 

 

 

 

Last modified
14:10, 1 Feb 2017
