To get the right certificates in the right place, first download the intermediate and root certificates as .cer files (X.509) to a location on the server that is running Tomcat. How to obtain these certificates depends on the customer's network and policies.
We then need to add the certificates to the Java cacerts keystore (that’s the key/trust store our application servers use to determine trust and validate certificates).
After getting the certificates, we are assuming the following (adjust the paths as necessary):
The platform is located in
Your certificate files have been copied to
Open a command line and go to the directory containing your certificate files.
For each certificate, add the certificate to the default Java Keystore using this command:
..\..\bin\keytool.exe -import -trustcacerts -alias %ALIAS_NAME% -file %CERT_FILE% -storepass changeit -keystore cacerts
ALIAS_NAME needs to be unique for each of your CERT_FILE references. Using the file name without its extension is probably easiest.
After adding all the certificates, restart the server and see if LDAP over SSL works.
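The per-certificate import above can be scripted so that each certificate is inspected before it is trusted and existing aliases are never overwritten. This PowerShell script is an added example, not part of the original instructions; the parameter names are hypothetical and the three paths are assumptions you supply for your own installation.

```powershell
# Added example (not from the original page). All paths are assumptions:
# pass the values that match your installation.
param(
    [Parameter(Mandatory)] [string] $KeytoolPath,   # full path to keytool.exe
    [Parameter(Mandatory)] [string] $KeystorePath,  # the cacerts file used by Tomcat's JVM
    [Parameter(Mandatory)] [string] $CertDir,       # directory containing the .cer files
    [string] $StorePass = 'changeit'                # same store password as the command above
)

# Keep a timestamped copy of the trust store so a bad import can be rolled back.
$backup = "$KeystorePath.bak-$(Get-Date -Format yyyyMMddHHmmss)"
Copy-Item -Path $KeystorePath -Destination $backup -ErrorAction Stop
Write-Host "Backup written to $backup"

foreach ($cert in Get-ChildItem -Path $CertDir -Filter *.cer) {
    # Alias = file name without extension, unique per certificate file.
    $alias = $cert.BaseName

    # Print owner, issuer, validity and fingerprints so they can be compared
    # with values obtained from the issuing CA through a separate channel.
    & $KeytoolPath -printcert -file $cert.FullName
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "$($cert.Name) is not a readable X.509 certificate, skipping."
        continue
    }

    # keytool -list exits with 0 only when the alias is already in the store.
    & $KeytoolPath -list -alias $alias -keystore $KeystorePath -storepass $StorePass | Out-Null
    if ($LASTEXITCODE -eq 0) {
        Write-Warning "Alias '$alias' already exists, skipping $($cert.Name)."
        continue
    }

    # Explicit confirmation replaces keytool's own prompt (suppressed by -noprompt).
    if ((Read-Host "Trust $($cert.Name) as '$alias'? (y/n)") -ne 'y') { continue }

    # -importcert is the current name of the -import command used above.
    & $KeytoolPath -importcert -trustcacerts -noprompt -alias $alias `
        -file $cert.FullName -keystore $KeystorePath -storepass $StorePass
    if ($LASTEXITCODE -ne 0) { throw "keytool failed to import $($cert.Name)" }

    # Confirm the entry is now present in the store.
    & $KeytoolPath -list -alias $alias -keystore $KeystorePath -storepass $StorePass
}
```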