SSL
Penrose supports secure communication via SSL. This page explains how to set up SSL.
Java 1.5
SSL is only supported with Java 1.5 or later. Make sure the JAVA_HOME environment variable points to the correct version of the JDK.
SSL Certificate
To configure SSL you need to obtain an SSL certificate from a Certificate Authority such as VeriSign or Thawte, or create a self-signed certificate.
To create a self-signed certificate:
cd PENROSE_SERVER_HOME/conf
keytool -genkey -keyalg RSA -alias penrose -keystore penrose.keystore
Note: you can change the alias and the keystore name/location.
Verify your certificate:
keytool -list -keystore penrose.keystore
Configure LDAP Service
Edit PENROSE_SERVER_HOME/conf/server.xml and add the following parameters to the LDAP service:
<service name="LDAP">
  <service-class>org.safehaus.penrose.ldap.PenroseLDAPService</service-class>
  <parameter>
    <param-name>enableLdaps</param-name>
    <param-value>true</param-value>
  </parameter>
  <parameter>
    <param-name>ldapsPort</param-name>
    <param-value>636</param-value>
  </parameter>
  <parameter>
    <param-name>ldapsCertificateFile</param-name>
    <param-value>conf/penrose.keystore</param-value>
  </parameter>
  <parameter>
    <param-name>ldapsCertificatePassword</param-name>
    <param-value>[keystore password]</param-value>
  </parameter>
</service>
See also Services.
Verification
Restart Penrose Server, then connect with an LDAP client that supports SSL.
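
With a self-signed certificate, a useful extra check is that the certificate presented on the LDAPS port is the one stored in penrose.keystore. The following is an added example, not part of the Penrose documentation: it compares the fingerprint printed by keytool -list with the fingerprint of the certificate the listener presents. The script name, its arguments and the sample listing are assumptions made for illustration.

```python
import hashlib
import re
import ssl
import sys

# Constructed sample of `keytool -list -keystore penrose.keystore` output.
# The fingerprint is the SHA1 of empty input, not a real certificate.
SAMPLE_LISTING = """\
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

penrose, Jan 5, 2024, PrivateKeyEntry,
Certificate fingerprint (SHA1): DA:39:A3:EE:5E:6B:4B:0D:32:55:BF:EF:95:60:18:90:AF:D8:07:09
"""

ENTRY = re.compile(r"^(?P<alias>[^,\n]+),.*\n\s*Certificate fingerprint "
                   r"\((?P<alg>[^)]+)\):\s*(?P<fp>[0-9A-Fa-f:]+)", re.MULTILINE)

def parse_keytool_list(text):
    """Map alias -> (algorithm, fingerprint) from `keytool -list` output."""
    return {m["alias"].strip(): (m["alg"], m["fp"].upper()) for m in ENTRY.finditer(text)}

def fingerprint(der, alg):
    """Colon-separated hex digest of DER bytes, in keytool's format."""
    digest = hashlib.new(alg.replace("-", "").lower(), der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def fetch_der(host, port=636):
    """Fetch the certificate the LDAPS listener presents. No chain validation
    is done here; trust comes from the fingerprint comparison."""
    return ssl.PEM_cert_to_DER_cert(ssl.get_server_certificate((host, port)))

def matches_keystore(der, listing, alias="penrose"):
    """True if the presented certificate is the one stored under `alias`."""
    entries = parse_keytool_list(listing)
    if alias not in entries:
        raise KeyError(f"alias {alias!r} not found in keytool listing")
    alg, expected = entries[alias]
    return fingerprint(der, alg) == expected

if __name__ == "__main__":
    # Usage (hypothetical script name): save the keytool -list output to a
    # file, then run: python check_ldaps.py HOST listing.txt
    ok = matches_keystore(fetch_der(sys.argv[1]), open(sys.argv[2]).read())
    print("certificate matches keystore" if ok else "MISMATCH: unexpected certificate")
    sys.exit(0 if ok else 1)
```

A mismatch means the client reached a listener that is not using the keystore entry configured in server.xml, for example an old keystore or a different service on port 636.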