Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Working with Java
Working with Java
When you install the Directory Synchronization Client, you can choose whether or not to install the Java Runtime Environment (JRE).
You can install the JRE independently of the Directory Synchronization Client so that it is available to multiple applications. Alternatively, you can install a separate copy for each application on your system that requires a JRE.
The advantage of installing a JRE with each application is that if you remove or update the global JRE, your application does not stop working. The main disadvantage is that the JRE is several megabytes in size, and installing a copy for each application could consume disk space. We recommend installing the Directory Synchronization Client with its own JRE.
To check the current version of JRE in Windows, select Start > Control Panel > Java. Click About to display the version number.
To check the current version of JRE in Linux, go to the following Web site, which displays your Java version:
http://www.java.com/en/download/help/testvm.xml
 
Java Certificate Store
Java uses a certificate store, located in the jre/lib/security directory of your Java installation. If you are using the Directory Synchronization Client with its own Java Runtime, the jre directory is located in the directory where the client is installed.
For secure communications, the server provides a certificate which has been signed by a Certification Authority. The client checks the certificate store for the Certification Authority's certificate before allowing communication with the server. Because the certificate provided by the cloud service has been signed by a Certification Authority whose certificate is present in the standard Java certificate store, in most cases, no action need be taken to enable secure communications with the cloud service.
Proxy servers typically pass HTTPS traffic unaltered so no action is required when accessing the cloud service via a proxy. Some proxy servers, however, decrypt then re-encrypt the data before passing them to the destination. In this case, the proxy server, rather than the cloud service, supplies the certificate used by the Directory Synchronization Client. If the proxy's certificate is self-signed or signed by a Certification Authority whose certificate is not in the standard cacerts file, the signing certificate will need to be imported.
If you need secure communications with an internal LDAP server, it is common for the certificate provided by the LDAP server to be either self-signed or signed by a Certification Authority whose certificate is not present in the standard cacerts file. In order to allow secure communications with such a server, you must import the signing certificate into the cacerts file as a trustpoint.
Importing a certificate
To add a certificate to the Java cacerts file, you can use the keytool application provided with the Java installation, located in the jre/bin directory. The following command imports a certificate from the file ldap-certificate.cer into the cacerts file:
keytool -import -trustcacerts -alias ldap-certificate -file ldap-certificate.cer -keystore cacerts
 
Note 
If you are using a system JRE and do not want to modify the system cacerts file, you can create the directory application/lib/security in the directory where the Directory Synchronization Client is installed, copy the system cacerts file to application/lib/security/schemus-cacerts, then modify the copy.

Go to the table of contents Go to the previous page Go to the next page View or print as PDF
Working with Java
Copyright 2022 Forcepoint LLC. All rights reserved.