I had a case where I had to connect to Active Directory to be able to create users and set passwords on those users, of course, using TDI.
The AD administrator gave me the certificate that is stored in AD in .pfx format.
Installing this file in Windows is easy. Just double click it and install.
Then, starting "certmgr.msc" from Start - Run in Windows, I was able to right-click the cert and select "Export".
Then, go like this:
And select the DER format:
I saved the exported cert in d:\temp as "cert.der".
Then, open up a command prompt and go to the tdi\jvm\jre\bin directory:
Then, create a .jks keystore and import the cert.der into it:
keytool -import -file d:\temp\cert.der -keystore ADKEYSTORE.jks -storepass PaSsW0Rd -alias ADKEYSTORE
If all goes well, the output will be:
Issuer: CN=FS03-CA, DC=CUSTOMER, DC=local
Serial number: 7a638e0a000000000001
Valid from: 10.02.17 14:20 until: 10.02.19 14:30
Trust this certificate? [no]: yes
Certificate was added to keystore
And to check the content of the .jks keystore:
keytool -list -keystore ADKEYSTORE.jks -storepass PaSsW0Rd
Output will be:
Keystore type: jks
Keystore provider: IBMJCE
Your keystore contains 1 entry
ADKEYSTORE, 10.feb.2017, trustedCertEntry,
Certificate fingerprint (MD5): F8:2E:4B:B7:1B:14:58:5F:A1:FF:2E:91:88:3E:02:4A
I then moved the ADKEYSTORE.jks file to my TDI Solutions directory, which is in this case:
I then modified the file "E:\TDISOL\TDI_custom\solution.properties"
Where I inserted:
After restarting TDI, I was able to connect to the AD server on port 636 in TDI.
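A check to run on the finished keystore before pointing TDI at it, given here as an added example that is not part of the original post: it lists each trusted certificate with its issuer, expiry and SHA-256 fingerprint (keytool above only showed MD5) and exits non-zero when a certificate is close to expiry. The class name CheckAdTrustStore and the 30-day threshold are assumptions, and compiling it needs a JDK with javac.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.X509Certificate;
import java.util.Collections;

public class CheckAdTrustStore {
    // Assumption: warn when fewer than 30 days of validity remain.
    static final long WARN_DAYS = 30;

    // Colon-separated upper-case hex, the same layout keytool prints.
    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bytes) {
            if (sb.length() > 0) sb.append(':');
            sb.append(String.format("%02X", b & 0xff));
        }
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        // Defaults are the keystore name and password used in the post.
        String path = args.length > 0 ? args[0] : "ADKEYSTORE.jks";
        char[] pass = (args.length > 1 ? args[1] : "PaSsW0Rd").toCharArray();

        KeyStore ks = KeyStore.getInstance("JKS");
        FileInputStream in = new FileInputStream(path);
        try {
            ks.load(in, pass); // throws if the password or file integrity is wrong
        } finally {
            in.close();
        }

        boolean ok = ks.size() > 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isCertificateEntry(alias)) continue; // only trustedCertEntry items
            X509Certificate c = (X509Certificate) ks.getCertificate(alias);
            long msLeft = c.getNotAfter().getTime() - System.currentTimeMillis();
            long daysLeft = msLeft / (24L * 60 * 60 * 1000);
            byte[] sha256 = MessageDigest.getInstance("SHA-256").digest(c.getEncoded());
            System.out.println(alias + ": " + c.getSubjectX500Principal().getName());
            System.out.println("  issuer:  " + c.getIssuerX500Principal().getName());
            System.out.println("  expires: " + c.getNotAfter() + " (" + daysLeft + " days left)");
            System.out.println("  SHA-256: " + hex(sha256));
            if (daysLeft < WARN_DAYS) ok = false;
        }
        System.exit(ok ? 0 : 1); // non-zero: empty store or a certificate near/past expiry
    }
}
```

Compare the printed SHA-256 value with the fingerprint the AD administrator reports for the same certificate, so that the keystore only trusts the certificate that was actually handed over.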