LDAP with SSL using MID Server
‎12-13-2013 02:23 AM
Anyone know the reason why the SSL checkbox should disappear when using a midserver for LDAP?
I've seen the note "Note: The SSL connection is not available with the MID Server." on this page https://wiki.servicenow.com/index.php?title=LDAP_Integration_Setup#Step_5._Set_Connection_Properties .
But if I use the instructions from this page http://wiki.servicenow.com/index.php?title=MID_Server_Configuration#Adding_SSL_Certificates to add a certificate to the mid-server and change the ldap-link to "ldaps://server.domain:636" it seems to be working…
BTW what's the default password for the cacerts keystore?
What does it contain by default?
I had to rename the default keystore and created a new one, setting my own password.
‎12-13-2013 06:16 AM
I was told that since the LDAP query was happening inside the corporate network that ServiceNow was not going to put an effort into LDAPS via the MID Server as you would be in a more secure environment. It was a prioritization deal.
That being said, if it is working for you to set it up that way, it is possible that is the case, it just may be that ServiceNow didn't have the cycles to fully test LDAPS since it had the lower priority in this case. I don't know if that is indeed the situation or not, but it would be good to know how it works for you. But yes, it is not "supported" at this time.
I am not familiar with the default keystore. I have always just generated my own keystore for my activity.
‎12-13-2013 07:49 AM
It seems to be working very well. I tested importing users and am not experiencing any problems.
If I replace my newly created keystore with the default one I get an error message reading
"sun.security.validator.ValidatorException: PKIX path building failed: java.security.cert.CertPathBuilderException: No issuer certificate for certificate in certification path found.", switching back and it's working just fine.
We won't be authenticating through LDAP so I won't be able to answer whether this will work or not…
‎08-21-2014 10:49 AM
*resurrect old post* I am currently prepping for our move to ServiceNow. I needed LDAPS via the MID server and it wasn't clear to me what you were saying, Jonas. So, here is my clarification.
You need to add the certificate for the LDAP server to the mid tier keystore. You can follow the directions from: MID Server Configuration - ServiceNow Wiki for how to add a certificate to your MID server. You can use the default keystore password when prompted: "changeit".
‎09-11-2014 01:31 AM
Hmm, can't seem to remember what I did… and the page seems to be missing.
But according to the history logs on the server I did something like this:
mv /servicenow/yyyyyy/agent/jre/lib/security/cacerts /servicenow/yyyyyy/agent/jre/lib/security/cacertsorig
./keytool -import -alias CA-Cert -file /home/xxxxx/certnew.cer -keystore /servicenow/yyyyyy/agent/jre/lib/security/cacerts
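
The procedure discussed in this thread, as an added example that is not part of any post: it imports the LDAP server's issuing CA into the existing MID Server truststore, so the entries already in the file are kept, and it takes a backup copy first instead of moving the file away. The function names, alias and paths are placeholders chosen for illustration; `changeit` is the default password quoted above.

```shell
#!/bin/sh
# Added example (not from the thread). Function names, alias and paths are
# hypothetical; keytool must be on PATH (the thread runs the JRE's ./keytool).

backup_truststore() {
    # $1 = truststore path. Copies it (does not move it) and prints the backup path.
    ts="$1"
    [ -f "$ts" ] || { echo "truststore not found: $ts" >&2; return 1; }
    bak="$ts.orig.$(date +%Y%m%d%H%M%S)"
    cp -p "$ts" "$bak" || return 1
    echo "$bak"
}

verify_alias() {
    # $1 = truststore, $2 = alias, $3 = store password. Exit 0 if the alias exists.
    keytool -list -keystore "$1" -storepass "$3" -alias "$2" >/dev/null 2>&1
}

import_ca() {
    # $1 = truststore, $2 = CA certificate file, $3 = alias, $4 = store password.
    # Refuses to touch an alias that is already present (returns 2).
    if verify_alias "$1" "$3" "$4"; then
        echo "alias already present: $3" >&2
        return 2
    fi
    keytool -importcert -noprompt -trustcacerts \
        -alias "$3" -file "$2" -keystore "$1" -storepass "$4"
}

# Typical use on the MID Server host (placeholder paths):
#   TS=/path/to/agent/jre/lib/security/cacerts
#   backup_truststore "$TS"
#   import_ca "$TS" /path/to/certnew.cer CA-Cert changeit
#   verify_alias "$TS" CA-Cert changeit && echo "CA-Cert is trusted"
```

If the import causes problems, copying the backup file printed by `backup_truststore` back over `cacerts` restores the previous state.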