Where is the keystore for LDAPS linked for OC-server setup

Document ID : KB000107100
Last Modified Date : 19/07/2018
Show Technical Document Details
Introduction:
CA Spectrum OneClick service (OC-server) configuration with secured LDAP (LDAPs) will be possible only by default Spectrum keystore configuration. This requires LDAPs related Certificate needs to be part of default $SPECROOT/custom/keystore/cacerts.

So even CA Spectum Oneclick service configruation for the Tomcat-webserver allows via ./tomcat/conf/server.xml - here parameter "keystore" - to specify the keystore location (and keystore filename and key-pass) - this is affecting the Tomcat-Connector (for https) - but this is not effective for the LDAPs connector.

 
Background:
LDAPs connector is using default only keystore file "cacerts". 
Environment:
This is valid for any OC-server platform OS/host. 
Instructions:
So even using for OC-"https"-service specific keystore file, please add the required Certificate for the LDAPs connector to the default keystore $SPECROOT/custom/keystore/cacerts. At practical level the default keystore file only covers the LDAPs connector cert only then.  
 
This functionality is addressed for post CA Spectrum R10.3 improvements.