Applies to: Seclore Policy Server, Active Directory.


1.Deployed Policy Server.

2.SSL Certificate of AD (It's extension should be .cer).


Please refer to the following URL to export the SSL certificate of Active  Directory.

Store the SSL certificate on machine on which Policy Server is deployed.

Eg:  D:\SSL Certificate\<SSL-CERTIFICATE-NAME>.cer


1.Open command prompt (Start -> Run -> cmd) and naviigate to Drive/Seclore/Java/bin

2.Use below command to import the certificate

keytool -import -alias  "<ALIAS-NAME-FOR-CERTIFICATE>" -keystore  "<JRE-FOLDER>\lib\security\cacerts" -file  "<SSL-CERTIFICATE-PATH>"


<ALIAS-NAME-FOR-CERTIFICATE> - Any logical name given to the certificate import e.g. 'ARAWebService'. 


<JRE-FOLDER> - Path of the JRE folder used by Tomcat on which Policy Server is running. 


<SSL-CERTIFICATE-PATH> - The self-signed certificate file path. Eg: D:\SSL Certificates\ARAWebService.cer


While executing this command it asks for the password of the keystore. 

The default password is changeit 


 Example :

keytool -import  -alias "ARAWebService" -keystore "D:\Seclore\Java\lib\security\cacerts" -file "D:\SSL  Certificates\ARAWebService.cer"

On successful import of the certificate a success message  is displayed.


In some cases the command prompt might be required to be run as an administrator for successful import of the certificate.


Once  the certificate is successfully added to the keystore, you can access AD over  SSL. 

Need more help ? 

Contact Seclore Support Chat Live