This article applies only to the On-Premises installation of Haiilo. For security reasons, self-signed certificates cannot be stored in our Cloud.
To use LDAP over SSL/TLS (LDAPS), the JVM that runs the Haiilo backend must trust the certificate presented by your LDAP server. If that certificate was issued by a publicly trusted CA, it is already in the JVM's default trust store and you do not need the following customizations. A self-signed certificate (or one issued by your own internal CA) has to be added manually, as described below.
Import the self-signed certificate into the JVM of the backend container
To import the self-signed certificate of your LDAP server into the Java keystore, you need the cacerts keystore that the Haiilo backend JVM actually uses, not the one of some other Java installation on the host. The easiest way is to copy it out of the running backend container:
docker cp $(docker ps -q --filter name=backend):/usr/lib/jvm/zulu15-ca-amd64/lib/security/cacerts /home/coyo/cacerts
Please note: /home/coyo/cacerts is an example. Customize this to suit the directory in which you want to keep your keystore cacerts. If docker cp reports that the source path does not exist, the JVM directory in the backend image differs from the one shown here; check it with docker exec <container_id> ls /usr/lib/jvm and adjust the path in this and all following steps.
This requires keytool (part of every Java JDK/JRE) on the server where you run the following command. changeit is the default password of the JDK's cacerts keystore; -noprompt suppresses the "Trust this certificate?" confirmation, so make sure <cert.pem> really is the certificate you received from your LDAP administrator before running it:
keytool -importcert -alias <alias_for_entry> -file <cert.pem> -keystore /home/coyo/cacerts -storepass changeit -trustcacerts -noprompt
Note: If keytool cannot be executed because no Java runtime is installed, most distributions show the package that provides it and the command to install it.
Next, check that the certificate has been imported correctly. The output should show the entry type trustedCertEntry together with the owner, validity and fingerprints of the certificate; compare the SHA256 fingerprint with the one of your cert.pem so that you are sure the right certificate ended up in the keystore:
keytool -list -v -keystore /home/coyo/cacerts -alias <alias_for_entry> -storepass changeit
Finally, mount the keystore over the JVM's cacerts in the coyo-backend service of docker-compose.yml as a volume:
volumes:
  - /home/coyo/cacerts:/usr/lib/jvm/zulu15-ca-amd64/lib/security/cacerts
Please note: /home/coyo/cacerts is an example. Customize this to suit the directory containing your keystore cacerts; the right-hand side must be the path you copied the keystore from.
Afterwards, restart Haiilo with the stop and start scripts so that the backend container is recreated with the mounted keystore.
Please bear in mind that docker-compose.yml is replaced when Haiilo is updated, so the volume entry has to be added again afterwards. Document the change in case you ever need to make it again. After an update also check that the JVM path inside the container is still the same: the mount replaces the image's own cacerts, so a new JVM version (and therefore a new path) or a newer cacerts shipped with the image has no effect on the file you mounted.
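The whole procedure above (copy the keystore out of the container, import the certificate, verify the import, and print the volume line for docker-compose.yml) as one script. This is an added example and not a script shipped by Haiilo; the container filter, the keystore path inside the image, the host path /home/coyo/cacerts and the password changeit are taken from this article and can be overridden through environment variables. In addition to the steps on this page it compares the SHA256 fingerprint of cert.pem (via openssl) with the fingerprint keytool reports for the stored entry, so a wrong or mixed-up certificate file is caught before anything is mounted into the container.

```shell
#!/bin/sh
# import-ldap-cert.sh <cert.pem> <alias>
# Added example for this article, not a Haiilo script. Imports a self-signed LDAP
# server certificate into the cacerts keystore used by the Haiilo backend JVM.
# Assumed defaults (as in the article; override via environment if yours differ):
#   CACERTS_IN_CONTAINER  keystore path inside the backend image
#   HOST_CACERTS          where the copied keystore is kept on the Docker host
#   STOREPASS             default password of the JDK cacerts keystore
set -eu

CACERTS_IN_CONTAINER="${CACERTS_IN_CONTAINER:-/usr/lib/jvm/zulu15-ca-amd64/lib/security/cacerts}"
HOST_CACERTS="${HOST_CACERTS:-/home/coyo/cacerts}"
STOREPASS="${STOREPASS:-changeit}"

# True if the file is a PEM certificate. keytool would also accept DER, but the
# article's workflow uses cert.pem, so insist on PEM to catch the wrong file early.
is_pem_cert() {
    grep -q -- '-----BEGIN CERTIFICATE-----' "$1" && grep -q -- '-----END CERTIFICATE-----' "$1"
}

# SHA-256 fingerprint of a PEM certificate, colon-separated uppercase hex as keytool prints it.
# openssl prints "sha256 Fingerprint=AB:CD:...", everything up to "=" is stripped.
pem_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | sed 's/^.*=//'
}

# Extract the SHA256 fingerprint line from `keytool -list -v` output read on stdin.
# keytool indents it as "<tab> SHA256: AB:CD:..."; only the hex part is kept.
sha256_from_keytool_listing() {
    sed -n 's/^[[:space:]]*SHA256: //p'
}

# Fingerprint of the entry stored under alias $2 in keystore $1.
keystore_fingerprint() {
    keytool -list -v -keystore "$1" -storepass "$STOREPASS" -alias "$2" | sha256_from_keytool_listing
}

# --filter on the container name is less fragile than grepping the table output of docker ps.
backend_container_id() {
    docker ps -q --filter name=backend | head -n 1
}

main() {
    local cert="$1" alias="$2" cid want have
    is_pem_cert "$cert" || { echo "not a PEM certificate: $cert" >&2; return 1; }
    cid="$(backend_container_id)"
    [ -n "$cid" ] || { echo "no running backend container found" >&2; return 1; }

    # Step 1: copy the keystore the backend JVM really uses out of the running container
    docker cp "$cid:$CACERTS_IN_CONTAINER" "$HOST_CACERTS"

    # Step 2: import. -noprompt skips the "Trust this certificate?" question, which is
    # why the fingerprint comparison below is done instead of trusting the import blindly.
    keytool -importcert -alias "$alias" -file "$cert" -keystore "$HOST_CACERTS" \
        -storepass "$STOREPASS" -trustcacerts -noprompt

    # Step 3: verify that the stored entry is exactly the certificate from cert.pem
    want="$(pem_fingerprint "$cert")"
    have="$(keystore_fingerprint "$HOST_CACERTS" "$alias")"
    [ "$want" = "$have" ] || { echo "fingerprint mismatch: $want != $have" >&2; return 1; }

    echo "imported '$alias' into $HOST_CACERTS (SHA256 $have)"
    echo "add this under volumes: of the coyo-backend service in docker-compose.yml,"
    echo "then restart Haiilo with the stop and start scripts:"
    echo "  - $HOST_CACERTS:$CACERTS_IN_CONTAINER"
}

# Run only when both arguments are given; otherwise just show the usage.
if [ $# -ge 2 ]; then
    main "$@"
else
    echo "usage: $0 <cert.pem> <alias>" >&2
fi
```

Run it on the Docker host as the user that runs Haiilo, for example ./import-ldap-cert.sh ldap.pem ldap-server. The script stops before the import if the file is not a PEM certificate or no backend container is running, and it fails after the import if the fingerprint in the keystore does not match cert.pem, in which case nothing has been mounted yet and you can simply delete /home/coyo/cacerts and start over.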