The information on this page refers to License Statistics 6.0 and newer, which introduced a new user interface (UI). If you are using a version previous to v6.0, see documentation for previous versions. |
If you have set up an LDAP connection, you may want to enable LDAP over SSL. By default, LDAP traffic is transmitted unsecured. You can, however, make LDAP traffic confidential by installing a valid certificate issued by a certificate authority (CA). The CA certificate, which contains a public key and the identity of the owner, is needed to enable encrypted communication between License Statistics and your LDAP server.
To connect over SSL:
If you want to verify that the LDAP server's certificate is properly signed:
- Set the variable LDAP_SSL_CERTIFICATE_KEY_FILE in the License Statistics configuration file (xflicstat.cfg). This variable defines the path and filename of the CA certificate and allows the client to verify the LDAP server's certificate.
- Leave the default settings of the variable LDAP_SSL_CERTIFICATE_VERIFY. By default, this variable is set to the "demand" value, indicating that the server certificate will be checked to verify that it is properly signed and your CA certificate, which you set in LDAP_SSL_CERTIFICATE_KEY_FILE variable, will be used to verify that.
- Restart License Statistics.
If you do not want to verify that the LDAP server's certificate is properly signed:
- Set the variable LDAP_SSL_CERTIFICATE_VERIFY to "allow". This way, the connection will be allowed even if it turns out that the certificate is missing or it is not valid. In this case, setting the variable LDAP_SSL_CERTIFICATE_KEY_FILE is not obligatory.
- Restart License Statistics.
Note: We recommend using the predefined settings and leaving the variable LDAP_SSL_CERTIFICATE_VERIFY set to "demand" so you can perform the validation of the LDAP server's certificate using your CA file.