Secure the connection to the directory server

For security, you can use an SSL connection between API Gateway and your directory server. This section describes how to configure this in Policy Studio. For more information on working in Policy Studio, see the API Gateway Policy Developer Guide.

API Gateway and Policy Studio require the CA certificate of your directory server. You must import the CA certificate into the API Gateway and Policy Studio Java keystores.

Add the LDAP server certificate to the API Gateway certificate store

  1. In the node tree, click Environment Configuration > Certificates and Keys > Certificates.
  2. Click Create/Import > Import Certificate, and select the CA certificate of your directory server.
  3. In Alias Name, give the certificate a name or click Use Subject to use the subject name, then click OK.

Add the LDAP server certificate to the API Gateway Java keystore

  1. In the node tree, click Environment Configuration > Certificates and Keys > Certificates.
  2. Click Keystore, click the browse button next to the Keystore field, and browse to the keystore file:
     INSTALL_DIR/apigateway/posix/jre/lib/security/cacerts
  3. Click Open, and enter the keystore password.
  4. Click Add to keystore.
  5. Select the CA certificate of your directory server, and click OK.
  6. Give a name to the certificate, or use the default name, and click OK.
  7. Click OK to save the configuration, and deploy the updated configuration to API Gateway.

Add the LDAP server certificate to the Policy Studio Java keystore

  1. In the node tree, click Environment Configuration > Certificates and Keys > Certificates.
  2. Click Keystore, click the browse button next to the Keystore field, and browse to the keystore file:
     INSTALL_DIR/policystudio/posix/jre/lib/security/cacerts
  3. Click Open, and enter the keystore password.
  4. Click Add to keystore.
  5. Select the CA certificate of your directory server, and click OK.
  6. Give a name to the certificate, or use the default name, and click OK.
  7. Click OK to save the configuration, and restart Policy Studio.

Configure the LDAP connection over SSL

  1. In the node tree, click Environment Configuration > External Connections > LDAP Connections.
  2. Right-click the appropriate directory server connection, and click Edit.
  3. In the URL field, enter the LDAPS host name and port. For example:
     ldaps://ldap_host:636
  4. Select the SSL Enabled check box, and click Test Connection.
  5. After a successful connection, click OK, and deploy the updated configuration to API Gateway.
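
If Test Connection fails, it helps to confirm outside Policy Studio that the directory server's certificate really chains to the CA certificate you imported and matches the host name in the URL. The following Python script is an added example, not part of the product documentation. It assumes the CA certificate is available as a PEM file (the name `directory-ca.pem` is a placeholder) and trusts only that file, not the system trust store.

```python
import socket
import ssl
from urllib.parse import urlparse

LDAPS_DEFAULT_PORT = 636


def parse_ldaps_url(url):
    """Return (host, port) for an ldaps:// URL; reject anything else."""
    parts = urlparse(url)
    if parts.scheme.lower() != "ldaps":
        raise ValueError(f"not an LDAPS URL: {url!r}")
    if not parts.hostname:
        raise ValueError(f"no host in URL: {url!r}")
    return parts.hostname, parts.port or LDAPS_DEFAULT_PORT


def strict_context(ca_file=None):
    """TLS client context that trusts only ca_file (system store is not loaded)."""
    # PROTOCOL_TLS_CLIENT enables CERT_REQUIRED and host name checking by default.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    if ca_file:
        ctx.load_verify_locations(cafile=ca_file)
    return ctx


def check_ldaps(url, ca_file, timeout=5.0):
    """Handshake with the directory server and report the validated certificate."""
    host, port = parse_ldaps_url(url)
    ctx = strict_context(ca_file)
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                cert = tls.getpeercert()
                return {"ok": True, "protocol": tls.version(),
                        "subject": cert.get("subject"),
                        "issuer": cert.get("issuer"),
                        "not_after": cert.get("notAfter")}
    except ssl.SSLCertVerificationError as exc:
        # Chain does not lead to ca_file, the name does not match, or it expired.
        return {"ok": False, "error": exc.verify_message}
    except (ssl.SSLError, OSError) as exc:
        # Port closed, host unreachable, or the port does not speak TLS.
        return {"ok": False, "error": str(exc)}


if __name__ == "__main__":
    import sys
    # Usage: python check_ldaps.py ldaps://ldap_host:636 directory-ca.pem
    print(check_ldaps(sys.argv[1], sys.argv[2]))
```

A result with `ok` set to `False` and a verification message means the imported CA certificate is not the one that issued the server certificate, or the host name in the URL is not listed in the certificate.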
