Connect to LDAP with TLS/SSL

JumpCloud's LDAP-as-a-Service allows users to connect using StartTLS (ldap://ldap.jumpcloud.com:389) or TLS / SSL (ldaps://ldap.jumpcloud.com:636).  Many client applications/appliances require you to upload a Peer Certificate Authority when connecting to TLS / SSL. You can run the following commands from a Mac, Windows, or Linux terminal to acquire this at any time. 

Note:

OpenSSL is not pre-installed on Windows machines. The OpenSSL Installer for Windows can be found here: https://slproweb.com/products/Win32OpenSSL.html.

The following command outputs the certificate authority to the /tmp/ directory as jumpcloud.chain.pem.

echo -n | openssl s_client -connect ldap.jumpcloud.com:636 -showcerts | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/jumpcloud.chain.pem

The following command outputs only the JumpCloud LDAP Server certificate to the /tmp/ directory as jumpcloud.ldap.pem.

echo -n | openssl s_client -connect ldap.jumpcloud.com:636 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/jumpcloud.ldap.pem

Note:

This is a GoDaddy signed certificate.

Depending on the LDAP client configuration requirements, the GoDaddy Root CA and Intermediate CA certificates may need to be saved to the local Trusted Root Certificate store. Both of these certificates can be obtained from the GoDaddy website repository.

LDAP Client Certificate Configuration Examples

Softerra LDAP Browser Certificate Store

Note:

This LDAP client has a Certificate Store that you can use to upload Trusted Root Certificate Authorities and Intermediate Certificate Authorities. Many clients only provide a single Trusted Root Certificate store. See your vendor documentation for details on the required client configuration and certificate format(s) accepted.

Duo Directory Sync LDAP Certificate Chain

Note:

The Duo Directory Synchronization configuration requires you to enter the full PEM formatted certificate chain in the SSL CA Certs section. The full PEM formatted certificate chain contents can be acquired using the first command mentioned at the beginning of this article. The command outputs a file called ‘jumpcloud.chain.pem’, which contains all certificates and includes the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- references for each certificate in the chain. 

Back to Top

List IconIn this Article

Notebook IconLearn More

Still Have Questions?

If you cannot find an answer to your question in our FAQ, you can always contact us.

Submit a Case