[
https://issues.apache.org/jira/browse/DIRSTUDIO-1223?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16821472#comment-16821472
]
Stefan Seelmann commented on DIRSTUDIO-1223:
--------------------------------------------
Studio runs on Java and uses the truststore (cacert) that the JVM you use
includes. There are two ways to achieve what you want:
1) Create your own truststore (using keytool) with the root/intermediate CA you
want to trust and then set system properties -Djavax.net.ssl.trustStore and
-Djavax.net.ssl.trustStorePassword in ApacheDirectoryStudio.ini
2) Change the truststore of your Java installation which should be located in
the lib/security folder.
> Explicit CA used for LDAPS connection verification
> --------------------------------------------------
>
> Key: DIRSTUDIO-1223
> URL: https://issues.apache.org/jira/browse/DIRSTUDIO-1223
> Project: Directory Studio
> Issue Type: Wish
> Reporter: Jan Tomášek
> Priority: Major
> Attachments: ApacheStudioTrust.png
>
>
> By default ApacheDirectoryStudio trusts any valid certificate, I guess? My
> settings are empty:
>
>
> It would be a security improvement if there were a possibility to specify
> an explicit CA, or even better an intermediate CA, which is the only one
> allowed for a specific LDAP server.
> We are running LDAP servers equipped with EV certificates but
> ApacheDirectoryStudio connects to them even when I change the certificates to
> Let's Encrypt. I'm afraid that an attacker who is able to steal the IP will be
> able to issue Let's Encrypt
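
Option 1 from the comment above as a shell sketch. This is an added example, not part of the original message or of Directory Studio. The function names and all paths are hypothetical, and it assumes ApacheDirectoryStudio.ini follows the Eclipse launcher layout, where JVM options go one per line after a `-vmargs` line.

```shell
#!/bin/sh
# Added example: function names and paths are hypothetical.

# Build a truststore that holds ONLY the given CA certificates (PEM files).
# keytool requires a store password of at least 6 characters.
build_truststore() {
    store=$1; pass=$2; shift 2
    # Refuse to extend an existing store, so no unexpected CA is carried over.
    [ -e "$store" ] && { echo "refusing to reuse $store" >&2; return 1; }
    for pem in "$@"; do
        keytool -importcert -noprompt -alias "$(basename "$pem" .pem)" \
                -file "$pem" -keystore "$store" -storepass "$pass" || return 1
    done
    # Print the resulting entries so the trusted set can be reviewed.
    keytool -list -keystore "$store" -storepass "$pass"
}

# Point Studio's JVM at that truststore via the two system properties named
# in the comment. Safe to re-run: earlier values are replaced, not duplicated.
set_truststore_args() {
    ini=$1; store=$2; pass=$3
    [ -f "$ini" ] || return 1
    tmp=$(mktemp) || return 1
    # Drop any previous trustStore settings.
    grep -v -e '^-Djavax\.net\.ssl\.trustStore=' \
            -e '^-Djavax\.net\.ssl\.trustStorePassword=' "$ini" > "$tmp" || true
    # Assumption: JVM options are only read after the -vmargs line.
    grep -qx -e '-vmargs' "$tmp" || echo '-vmargs' >> "$tmp"
    printf '%s\n' "-Djavax.net.ssl.trustStore=$store" \
                  "-Djavax.net.ssl.trustStorePassword=$pass" >> "$tmp"
    # Overwrite in place so the ini keeps its owner and permissions.
    cat "$tmp" > "$ini" && rm -f "$tmp"
}

# Typical use (constructed file names):
#   build_truststore "$HOME/ldap-trust.ks" 'example-pass' corp-root.pem corp-issuing.pem
#   set_truststore_args /path/to/ApacheDirectoryStudio.ini "$HOME/ldap-trust.ks" 'example-pass'
```

A store set through `javax.net.ssl.trustStore` replaces the JVM's default cacerts for every TLS connection Studio makes, so a certificate from any CA that was not imported is rejected for all servers, not only for one LDAP connection.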