How do I configure the web reports to use LDAPS?

Article ID: 468
Category: Web Reports
Applies to: 3.4 and newer
Updated: 2023-01-30

To use LDAPS, you first need to obtain the LDAPS server's certificate by following these steps:

  1. In the Start Menu of the domain's CA server, choose Administrative Tools -> Certificate Authority to open the CA Microsoft Management Console (MMC) GUI.
  2. Highlight the CA machine and right-click to select Properties for the CA.
  3. From the General menu, click View Certificate.
  4. Select the Details view, and click the Copy to File... button on the lower right corner of the window.
  5. Use the Certificate Export Wizard to save the CA certificate in a file. Note: Save the CA certificate in Base 64 Encoded Binary X-509 format. Note: Please save it as "X.509 Certificate (DER)" type, so that the exported file has a .der extension.

Next, import this certificate into the certificate store of the web reports. Open an Administrator command prompt and change to the JRE's bin directory:

  cd "c:\Program Files\EventSentry\WebReports\jre\bin"

Then run:

  keytool.exe -import -alias examplename -keystore "c:\Program Files\EventSentry\WebReports\jre\lib\security\cacerts" -file "c:\temp\yourfile.der"

This example command assumes that you wish to import "yourfile.der" from c:\temp and that you wish to give the certificate the alias name "examplename" in the web reports certificate store. The command works the same way with different file names, paths, or alias names. If it asks you for a password when importing the certificate, the default password is "changeit" (without quotes). Please make sure to import both the root CA cert and the LDAPS server's cert.

Restart the EventSentry Web Reports service for the changes to take effect; you should then be able to use LDAPS. When you configure the web reports to connect to an LDAPS server in the Security&Accounts settings, specify the FQDN of a domain controller or the FQDN of the domain itself. If you did not, the certificate will be considered a mismatch and the Active Directory logons for the web reports will fail.
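
The import step above can be wrapped in a check that shows what is about to be trusted and confirms that it actually landed in the keystore. This PowerShell script is an added example, not part of the original article or of EventSentry; the function name Import-TrustedCert is hypothetical, and the paths, alias and password are the article's sample values.

```powershell
# Added example: paths, alias and password are the article's sample values.
$keytool   = 'C:\Program Files\EventSentry\WebReports\jre\bin\keytool.exe'
$keystore  = 'C:\Program Files\EventSentry\WebReports\jre\lib\security\cacerts'
$storePass = 'changeit'   # default keystore password named in the article

function Import-TrustedCert {   # hypothetical helper name
    param([string]$File, [string]$Alias)

    # Parse the exported file; this throws if it is not a valid certificate.
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $File
    $now  = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        throw "Certificate in $File is outside its validity period."
    }

    # SHA-256 fingerprint in the AA:BB:... form that keytool prints.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fp  = [BitConverter]::ToString($sha.ComputeHash($cert.RawData)).Replace('-', ':')

    # Show what is about to be trusted so it can be compared with the CA console.
    Write-Host "Subject : $($cert.Subject)"
    Write-Host "Issuer  : $($cert.Issuer)"
    Write-Host "Expires : $($cert.NotAfter)"
    Write-Host "SHA256  : $fp"
    if ((Read-Host 'Import this certificate? (y/n)') -ne 'y') { return }

    # Same import as in the article; -noprompt because we confirmed above.
    & $keytool -import -noprompt -alias $Alias -keystore $keystore `
        -storepass $storePass -file $File
    if ($LASTEXITCODE -ne 0) { throw "keytool import failed for alias $Alias." }

    # Read the entry back and confirm the stored fingerprint matches the file.
    $listing = (& $keytool -list -v -alias $Alias -keystore $keystore `
        -storepass $storePass) -join "`n"
    if (-not $listing.Contains($fp)) {
        throw "Alias $Alias is in the keystore but its fingerprint does not match $File."
    }
    Write-Host "Alias $Alias imported and verified."
}

# Run once per certificate (root CA and LDAPS server), each with its own alias.
Import-TrustedCert -File 'C:\temp\yourfile.der' -Alias 'examplename'
```

Run it from an Administrator PowerShell prompt, since the cacerts file sits under Program Files.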