Securing With Tls - TANDBERG Gatekeeper User Manual

18.2.4.

Securing with TLS

The connection to the LDAP server can be encrypted by enabling Transport Level Security (TLS) on the
connection. To do this you must create an X.509 certificate for the LDAP server to allow the Gatekeeper
to verify the server's identity. Once the certificate has been created you will need to install the following
three files associated with the certificate onto the LDAP server:

The certificate for the LDAP server.

The private key for the LDAP server.

The certificate of the Certificate Authority (CA) that was used to sign the LDAP server's certificate.
All three files should be in PEM file format.
The LDAP server must be configured to use the certificate. To do this, edit
/etc/openldap/slapd.conf and add the following three lines:
TLSCACertificateFile <path to CA certificate>
TLSCertificateFile <path to LDAP server certificate>
TLSCertificateKeyFile <path to LDAP private key>
The OpenLDAP daemon (slapd) must be restarted for the TLS settings to take effect.
For more details on configuring OpenLDAP to use TLS consult the OpenLDAP Administrator's Guide.
To configure the Gatekeeper to use TLS on the connection to the LDAP server you must upload the CA's
certificate as a trusted CA certificate. To do this, navigate to
upload the certificate.
TANDBERG Gatekeeper User Guide
Gatekeeper Configuration > Files and
Page 98 of 105