The LDAP SSL connection is configured in the xflicstat.cfg file.

Available settings include the following.

| Setting | Default | Description |
|---|---|---|
| LDAP_SSL_CERTIFICATE_KEY_FILE | empty | Path to file with certificate. |
| LDAP_SSL_CERTIFICATE_VERIFY | demand | Defines if LDAP server certificate should be verified. To turn verification on, set this to 'demand'; to turn verification off, set this to 'allow'. |
| LDAP_SSL_KEYSTORE | empty | Path to keystore containing server certificate. |
| LDAP_SSL_KEYSTORE_PASSWORD | changeit | Password to keystore. |

Configuration


If you only need to encrypt data sent between License Statistics and the LDAP server, all you need to do is set LDAP_SSL_CERTIFICATE_VERIFY to 'allow'. This way, communication will be encrypted, but the LDAP server certificate won't be verified.

If you want to increase security, set LDAP_SSL_CERTIFICATE_VERIFY to 'demand'. In most cases, this should be sufficient, because License Statistics has root certificates from most Certificate Authorities and is able to verify server certificates with them. However, if the server certificate was not issued by one of our supported CAs (e.g., because it was generated from your company's internal root certificate), you will need to provide an LDAP server certificate to License Statistics. There are two ways to do this, as described below.

Method 1: Through the certificate file

This is the easiest and recommended method. Copy the server root or intermediate certificate file to the License Statistics host and provide the path to this file under LDAP_SSL_CERTIFICATE_KEY_FILE in the xflicstat.cfg file.

Example:
LDAP_SSL_CERTIFICATE_KEY_FILE = C:\MyDirectory\certificate.cer
LDAP_SSL_CERTIFICATE_VERIFY = demand

Method 2: Through the keystore with a loaded certificate

If you already have a keystore that contains the LDAP server certificate and is of JKS or PKCS12 type, you can provide the path to the keystore in LDAP_SSL_KEYSTORE and the keystore password in LDAP_SSL_KEYSTORE_PASSWORD.
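A small audit of the LDAP_SSL_* settings described above, as an added example that is not part of the original page or of License Statistics. It assumes the `KEY = value` line format shown in the page's example and uses the defaults from the settings table; the finding labels and the sample configurations are constructed.

```python
import re

# Defaults as listed in the settings table on this page.
DEFAULTS = {
    "LDAP_SSL_CERTIFICATE_KEY_FILE": "",
    "LDAP_SSL_CERTIFICATE_VERIFY": "demand",
    "LDAP_SSL_KEYSTORE": "",
    "LDAP_SSL_KEYSTORE_PASSWORD": "changeit",
}
# Assumption: one "KEY = value" per line; anything else is ignored.
LINE = re.compile(r"^\s*(LDAP_SSL_[A-Z_]+)\s*=\s*(.*?)\s*$")

def parse_ldap_ssl(cfg_text):
    """Return the effective LDAP_SSL_* settings (defaults plus overrides)."""
    settings = dict(DEFAULTS)
    for line in cfg_text.splitlines():
        m = LINE.match(line)
        if m and m.group(1) in DEFAULTS:
            settings[m.group(1)] = m.group(2)
    return settings

def audit(cfg_text):
    """Return a list of findings for the LDAP SSL part of a config."""
    s = parse_ldap_ssl(cfg_text)
    verify = s["LDAP_SSL_CERTIFICATE_VERIFY"].strip("'\"")
    cert, store = s["LDAP_SSL_CERTIFICATE_KEY_FILE"], s["LDAP_SSL_KEYSTORE"]
    findings = []
    if verify == "allow":
        findings.append("verify-off: traffic is encrypted but the LDAP server certificate is not verified")
        if cert or store:
            findings.append("unused-trust: a certificate or keystore is supplied while verification is off")
    elif verify != "demand":
        findings.append("unknown-verify: value %r is not 'demand' or 'allow'" % verify)
    if cert and store:
        findings.append("both-methods: certificate file and keystore are both set")
    if store and s["LDAP_SSL_KEYSTORE_PASSWORD"] == "changeit":
        findings.append("default-password: keystore password is the default 'changeit'")
    return findings

# Constructed sample configs (not taken from a real installation).
WEAK = """LDAP_SSL_CERTIFICATE_VERIFY = allow
LDAP_SSL_KEYSTORE = C:\\MyDirectory\\ldap.jks
"""
HARDENED = """LDAP_SSL_CERTIFICATE_KEY_FILE = C:\\MyDirectory\\certificate.cer
LDAP_SSL_CERTIFICATE_VERIFY = demand
"""

if __name__ == "__main__":
    for name, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(text) or "no findings")
```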
