Question

We have a mail system which can modify Active Directory users/organization_unit via an ldaps URL. It needs a server certificate stored in a Java keystore to make an SSL/TLS connection.

Now I want to use samba4 as a domain controller instead of Windows Server, but I didn't find a guide like this one for Active Directory: https://confluence.atlassian.com/display/DOC/Configuring+an+SSL+Connection+to+Active+Directory.

How do I get an SSL certificate from a samba4 DC server? Is it even possible?


I'm using Fedora 18, but not using the samba package shipped by Fedora, because it does not support domain controller yet. I compiled samba-4.0.5 from source according to this guide: http://linuxdrops.com/install-samba-4-on-centos-rhel-fedora-debian-ubuntu/.


Solution

The first thing you need to do is to get the certificate from the Samba server as explained in the Samba documentation I sent you earlier. Once you have the certificate, using it on Windows or any other machine is no different.

What you need to do is to create a KeyStore. For my work I used http://portecle.sourceforge.net/. This is a very nice GUI-based tool that you can use to create your own keystores and add keys to your keystore. You can use one of your choice if you do not like it.

Using this tool you need to first create a keystore and then add the certificate to your keystore. Your keystore will keep the keys and it will have a password. Then you need to set the system properties, like so:

// The password property must be the trustStore one, matching javax.net.ssl.trustStore.
System.setProperty("javax.net.ssl.trustStore", "keystore file path");
System.setProperty("javax.net.ssl.trustStorePassword", "keystore file password");

That's it really. If you find any difficulties then I would suggest doing a Google search for "working with certificates in java" and you will get plenty of resources.

Note that it will give you some headache to get all of this working. But believe me, there is nothing more to it.

I hope you can accept this as an answer now :)
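
The steps in the answer above can also be done in code instead of a GUI tool. The following is an added example, not part of the original answer: it builds a trust store from the certificate file obtained from the Samba DC, points JSSE at it, and tests an LDAPS bind. The file names, store password, host name, bind account and the LDAP_BIND_PASSWORD environment variable are placeholder assumptions.

```java
import java.io.*;
import java.security.KeyStore;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.directory.InitialDirContext;

public class SambaLdapsTrust {
    public static void main(String[] args) throws Exception {
        // Assumed placeholders: replace with values for your environment.
        String certFile = "samba-ca.pem";            // certificate copied from the DC (PEM or DER)
        String storePath = "samba-truststore.jks";
        char[] storePass = "changeit".toCharArray();
        String ldapsUrl = "ldaps://dc1.example.com:636";
        String bindUser = "administrator@example.com";
        String bindPass = System.getenv("LDAP_BIND_PASSWORD");
        if (bindPass == null) throw new IllegalStateException("LDAP_BIND_PASSWORD is not set");

        // 1. Parse the certificate and show its subject so it can be checked before it is trusted.
        X509Certificate cert;
        try (InputStream in = new FileInputStream(certFile)) {
            cert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        System.out.println("Trusting: " + cert.getSubjectX500Principal());

        // 2. Create an empty keystore and add the certificate as a trusted entry.
        KeyStore ks = KeyStore.getInstance("JKS");
        ks.load(null, storePass);
        ks.setCertificateEntry("samba-dc", cert);
        try (OutputStream out = new FileOutputStream(storePath)) {
            ks.store(out, storePass);
        }

        // 3. Point JSSE at the trust store before the first TLS connection is opened.
        System.setProperty("javax.net.ssl.trustStore", storePath);
        System.setProperty("javax.net.ssl.trustStorePassword", new String(storePass));

        // 4. Bind over LDAPS; the TLS handshake fails if the DC's certificate is not trusted.
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, ldapsUrl);
        env.put(Context.SECURITY_AUTHENTICATION, "simple");
        env.put(Context.SECURITY_PRINCIPAL, bindUser);
        env.put(Context.SECURITY_CREDENTIALS, bindPass);
        new InitialDirContext(env).close();
        System.out.println("LDAPS bind succeeded");
    }
}
```

Setting javax.net.ssl.trustStore replaces the JVM's default trust store for the whole process, so other outbound TLS connections made by the same JVM will only trust what is in this file.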

Licensed under: CC-BY-SA with attribution