| The information on this page refers to License Statistics v6.6 or newer, which introduced the License Statistics Manager, a tool that replaces direct editing of the xflicstat.cfg configuration file for Windows installations. If you are using an earlier version of License Statistics, please refer to the documentation for releases prior to v6.6. |
For Windows, the LDAP SSL connection is configured through using the License Statistics Manager. For Linux, the LDAP SSL connection is configured in the xflicstat.cfg file.
LDAP configuration settings (Windows)
For Windows, use the LDAP section of the License Statistics Manager Configuration Settings to review and modify your LDAP configuration.
...
LDAP configuration settings (Linux)
The LDAP settings in the configuration file (xflicstat.cfg) include the following.
| Setting | Default | Description |
|---|---|---|
| LDAP_SSL_CERTIFICATE_KEY_FILE |
...
| empty | Path to file with certificate. |
...
| LDAP_SSL_CERTIFICATE_VERIFY |
...
| demand | Defines if LDAP server certificate should be verified. To turn |
...
| verification on, set |
...
| this to 'demand'; to turn |
...
| verification off, set |
...
| this to 'allow |
...
| '. |
| LDAP_SSL_KEYSTORE |
...
| empty | Path to keystore containing server certificate. |
...
| LDAP_SSL_KEYSTORE_PASSWORD |
...
| changeit | Password to keystore. |
Configuration notes
...
If you only need to encrypt data sent between License Statistics and the LDAP server, then only thing you need to do is to set LDAP_SSL_CERTIFICATE_VERIFY to 'allow'. This way set the certificate verification to "allow." This way, communication will be encrypted, but the LDAP server certificate won't be verified.
If you want to level up your security then LDAP_SSL_CERTIFICATE_VERIFY has to be set to 'demand'. In most cases it should be enoughincrease security, set the certificate verification to "demand." In most cases, this should be sufficient, because License Statistics has root certificates from most Certified Authorities (CAs) and is able to verify server certificate certificates with them. But However, if the server certificate was not issued by one of our supported CAs (fe.eg., because it was generated from your company's internal root certificate) then , you will need to provide an LDAP server certificate to License Statistics. There are two ways to do thatthis, as described below.
Method 1. Through : Use the certificate file.
This It is the easiest, and recommended method.
Windows: Use the Certificate Browse button to select the server root or intermediate certificate file to the License Statistics host.
Linux: Copy the way. You have to copy server root or intermediate certificate file to the License Statistics host, and provide the path to this file under LDAP_SSL_CERTIFICATE_KEY_FILE in the xflicstat.cfg file.
| Code Block | ||||
|---|---|---|---|---|
| ||||
LDAP_SSL_CERTIFICATE_KEY_FILE = C:\MyDirectory\certificate.cer LDAP_SSL_CERTIFICATE_VERIFY = demand |
Method 2. Through : Use the keystore with a loaded certificate.
If you already have a JKS or PKCS12 keystore that contains an LDAP server certificate, you can provide the path using this method.
Windows: Use the Keystore Browse button to select the keystore.
Linux: Copy the path to the keystore under the and is of JKS or PKCS12 type then provide path to it in LDAP_SSL_KEYSTORE setting, password in and enter the keystore password under the LDAP_SSL_KEYSTORE_PASSWORD and its type in LDAP_SSL_KEYSTORE_TYPEsetting.
| Code Block | ||||
|---|---|---|---|---|
| ||||
LDAP_SSL_CERTIFICATE_VERIFY = demand
LDAP_SSL_KEYSTORE = C:\MyDirectory\keystore.p12
LDAP_SSL_KEYSTORE_PASSWORD = Password123
LDAP_SSL_KEYSTORE_TYPE = PKCS12 |