Enabling SSL Communication with LDAP

Communication between Spectrum™ Technology Platform and an LDAP or Active Directory server uses TCP by default. You can configure Spectrum™ Technology Platform to use LDAP over SSL if you want to secure the communication between the Spectrum™ Technology Platform server and the LDAP or Active Directory server.

  1. You may need to add the certificate to the Java TrustStore used by Spectrum™ Technology Platform if:
    • The default Java TrustStore does not contain an entry for the certificate authority you are using.
    • You are using a self-signed certificate. Note that using a self-signed certificate is not recommended in a production environment.

    If either of these situations applies to you, add the certificate to the Java TrustStore by following these steps:

    1. Obtain a copy of the certificate. You can get a copy of the certificate from your LDAP administrator or by using a tool like LDAP Admin to view and save the certificate.
    2. Add the certificate to a new or existing TrustStore using the keytool utility included in the JDK.

      For example:

      keytool -import -file X509_certificate_ldap.cer -alias server.example.com -keystore ldapTrustStore

      See the Java documentation for more information.

      Note: The certificate must meet the requirements for encryption and length for the version of Java used by Spectrum™ Technology Platform. To find out the version of Java, open Management Console and go to System > Version. For more information, see java.com/en/jre-jdk-cryptoroadmap.html.
  2. Stop the Spectrum™ Technology Platform server.
    • To stop the server on Windows, right-click the Spectrum™ Technology Platform icon in the Windows system tray and select Stop Spectrum™. Alternatively, you can use the Windows Services control panel and stop the Pitney Bowes Spectrum™ Technology Platform service.
    • To stop the server on Unix or Linux, source the SpectrumLocation/server/bin/setup script then execute the SpectrumLocation/server/bin/server.stop script.
  3. Open this file in a text editor:

    SpectrumLocation\server\app\conf\spring\security\spectrum-config-ldap.properties

  4. Configure these properties:
    spectrum.ldap.url
    Specify the URL of the LDAP server. Be sure to specify the SSL port number, which is typically 636. For example:
    spectrum.ldap.url=ldap://server.example.com:636
    Note: Do not include a slash ( / ) at the end of the URL.
    spectrum.ldap.useSSL
    Specify true to enable SSL communication with LDAP.
    spectrum.ldap.trustStore
    Specify the location of the TrustStore containing the certificate to use for SSL communication with LDAP. For example on Windows:,
    spectrum.ldap.trustStore=file:D:\\Certs\\MyTrustStore
    On Linux and Unix:
    spectrum.ldap.trustStore=file://Certs//MyTrustStore
    spectrum.ldap.trustStore.password
    Specify the TrustStore password.
Important: If you are running Spectrum™ Technology Platform in a cluster, repeat this procedure on each server in the cluster.