| 29 | LDAPS relying on AD certificates from private CA: Certificates used in the UA Domain are issued from a private local CA. Shibboleth configurations will fail to load if they cannot establish trust. Trust of the private CA can be established by: |
| 30 | (1) Import the certificate into the Java trusted keystore. This requires ongoing maintenance, as that keystore may be overwritten by any number of upgrade or refresh processes, requiring re-import of the CA certificate. |
| 31 | (2) Configure the IdP authentication module to trust the AD certificate by adding a line like the following to the configuration in $IDP_HOME/login.config: |
| 32 | |
| 33 | {{{ |
| 34 | sslSocketFactory="{trustCertificates=file:/path/to/my/trust.crt}" |
| 35 | }}} |
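
Because option (1) can be silently undone by an upgrade, the check below can be run after each Java update. It is an added example, not part of the original page: it compares the SHA-256 fingerprint of the CA file with the one stored in the truststore and re-imports only when the alias is missing. The alias `ad-private-ca`, the `cacerts` location and the `changeit` password are assumptions to adjust for the local install.

```shell
#!/bin/sh
# Added example: re-verify option (1) after a Java upgrade or refresh.
# All values below are assumptions; override them from the environment.
KEYTOOL="${KEYTOOL:-keytool}"
CA_FILE="${CA_FILE:-/path/to/my/trust.crt}"      # private CA certificate (PEM)
TRUSTSTORE="${TRUSTSTORE:-$JAVA_HOME/lib/security/cacerts}"  # jre/lib/... on Java 8
STOREPASS="${STOREPASS:-changeit}"               # stock cacerts password
CA_ALIAS="${CA_ALIAS:-ad-private-ca}"            # hypothetical alias

# Extract the SHA-256 fingerprint from keytool's verbose output
# (assumes a keytool that prints a "SHA256:" line).
sha256_of() { sed -n 's/^[[:space:]]*SHA256:[[:space:]]*//p' | head -n 1; }

# Fingerprint of the CA file that is supposed to be trusted.
expected_fp() { "$KEYTOOL" -printcert -file "$CA_FILE" | sha256_of; }

# Fingerprint stored under the alias (empty when the alias is gone).
stored_fp() {
    "$KEYTOOL" -list -v -alias "$CA_ALIAS" -keystore "$TRUSTSTORE" \
        -storepass "$STOREPASS" 2>/dev/null | sha256_of
}

# Prints ok | reimported | mismatch | unreadable | import-failed.
# Returns non-zero whenever trust is not confirmed.
ensure_ca_trusted() {
    want=$(expected_fp)
    [ -n "$want" ] || { echo "unreadable"; return 2; }
    have=$(stored_fp)
    if [ "$have" = "$want" ]; then echo "ok"; return 0; fi
    if [ -n "$have" ]; then
        # The alias holds a different certificate: report, never overwrite.
        echo "mismatch"; return 1
    fi
    "$KEYTOOL" -importcert -noprompt -trustcacerts -alias "$CA_ALIAS" \
        -file "$CA_FILE" -keystore "$TRUSTSTORE" -storepass "$STOREPASS" \
        >/dev/null 2>&1 || { echo "import-failed"; return 3; }
    echo "reimported"
}

# Run only when asked, e.g. from a post-upgrade hook: sh check-ca.sh --run
if [ "${1:-}" = "--run" ]; then ensure_ca_trusted; fi
```

A `mismatch` result means the alias now points at a different certificate and should be investigated before anything is re-imported.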