LDAPS Certificates

Tool Search: LDAP Certificate Management

The LDAP Certificate Management tool provides district administrators the ability to store and replace their public key certificates used by LDAP for authentication. By storing certificates in this tool, districts can mitigate the issue of having users locked out of Campus when certificates expire. 

Existing certificates that were added by Campus are not impacted by this tool. However, once your existing certificate expires, you will need to use this tool to upload a new certificate.

Uploading certificates into Campus is only required if your LDAP configuration is set to Use SSL.

screenshot of the ldap certificate management tool

Only users assigned a Product Security Role of Student Information System (SIS) are allowed to use this tool.

Upload a Certificate (LDAPS)

To upload an LDAP certificate:

  1. Click the New icon. The Certificate Upload editor will appear.
  2. Select LDAPS. If you need to upload SASL certificates, see the Upload a Certificate (SASL) section.
  3. Click Choose File. You will be prompted to locate the certificate on your local hard drive or network. 

    You must upload a Cert File (.CER) in Base64 encoded X.509 or DER encoded library X.509 format.

  4. Select the certificate and click Open.


Image 3: Adding the LDAP Certificate

Once the certificate has been selected, it will appear in the Certificate Upload editor next to the Choose file button (Image 4). Click the Upload button to upload the certificate to Campus. 


Image 4: Uploading the Certificate

Once the certificate is uploaded into Campus, the certificate's Effective Date, Expiration Date, and number of days until expiration will appear in the Certificates window (Image 5). 


Image 5: Certificate Information

The final step in this process is to navigate to the LDAP Authentication tool, ensure LDAP is configured properly, and test your LDAP connection by entering a Test Username and selecting Test Configuration.

If your LDAP configuration and certificate(s) are valid, a message will appear stating 'Test Configuration Success!'. LDAP is now successfully configured in Campus.


Image 6: Testing Your LDAP Configuration and Certificate

Upload a Certificate (SASL)

In order to complete this process, you must first have your SASL client configured for Campus and Certificate and Key Files generated by the client. For a step-by-step process on how to configure Google Suite to work with Campus LDAP, see the LDAP Authentication article. 

  1. Click the New icon. The Certificate Upload editor will appear.
  2. Select SASL.
  3. Under Certificate File click Browse. You will be prompted to locate the certificate on your local hard drive or network. This file is provided to you by your SASL client.
  4. Under Key File click Browse. Locate the key file (likely to be in the same location as the Cert file in Step 3). This file is provided to you by your SASL client.
    screenshot of uploading your sasl certificate
  5. The Certificate File and Key File will now appear as selected in the Certificate Upload editor. Click Upload.
    screenshot of a certificate uploaded in the tool
  6. The files are now uploaded into Campus and appear in the Certificates window.
    screenshot showing the tool with an uploaded certificate
  7. The final step in this process is to navigate to the LDAP Authentication tool, ensure LDAP is configured properly, and test your LDAP connection by entering a Test Username and selecting Test Configuration.

    If your LDAP configuration and certificate(s) are valid, a message will appear stating 'Test Configuration Success!'. LDAP is now successfully configured in Campus.

    screenshot of testing an ldap connection

Replace a Certificate

If a certificate is close to expiring or simply needs to be replaced, you should do so by selecting the certificate, clicking the Delete button, and uploading a new certificate using the steps listed in the Upload a Certificate section above. 

You can upload a new certificate without removing the expiring or expired certificate and Campus will know to use the new valid certificate. However, until you remove the expired certificate from this tool, you will continue to receive in-app and email notifications about the expired certificate.

To prevent a potential lockout of users, it is important to replace certificates prior to their expiration. You will receive warning emails when a certificate is getting close to expiring.


Image 7: Replace an Expired Certificate

Certificate Expiration Warnings

Email and in-app notification functionality is built into this tool. Users who have access to this tool will receive an email and in-app notification every 3 days when a certificate will expire in less than 30 days. 

When a certificate will expire in 10 or fewer days, notifications will increase to daily until the certificate is replaced. Users will continue to receive daily notifications until the expired certificate is replaced or removed.

You must have proper Messenger Email Settings established in order to receive email notifications.
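
A pre-upload check for the certificate file, added here as an example (it is not Campus code): it accepts either encoding the upload step names, reads the validity dates from the DER structure using only the Python standard library, and maps the days remaining to the warning schedule described above. The function names are assumptions of this example, and it reads dates only; it does not verify the signature or chain.

```python
import base64
import re
from datetime import datetime, timezone

PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def to_der(data):
    """Return (encoding, DER bytes) for a Base64 (PEM) or binary DER .cer file."""
    m = PEM_RE.search(data)
    return ("Base64", base64.b64decode(m.group(1))) if m else ("DER", data)

def tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def parse_time(tag, raw):
    """Decode UTCTime (0x17) or GeneralizedTime (0x18) into an aware datetime."""
    text = raw.decode("ascii")
    if tag == 0x17:  # two-digit year: 50-99 means 19xx, 00-49 means 20xx (RFC 5280)
        text = ("19" if text[:2] >= "50" else "20") + text
    elif tag != 0x18:
        raise ValueError("unexpected time tag")
    return datetime.strptime(text, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)

def validity(data):
    """Return (encoding, notBefore, notAfter) read from the certificate bytes."""
    encoding, der = to_der(data)
    _, pos, _ = tlv(der, 0)          # Certificate SEQUENCE
    _, pos, _ = tlv(der, pos)        # tbsCertificate SEQUENCE
    tag, _, end = tlv(der, pos)      # [0] version (optional) or serialNumber
    if tag == 0xA0:
        tag, _, end = tlv(der, end)  # serialNumber
    for _ in range(3):               # signature algorithm, issuer, then validity
        tag, start, end = tlv(der, end)
    t1, a, b = tlv(der, start)       # notBefore
    t2, c, d = tlv(der, b)           # notAfter
    return encoding, parse_time(t1, der[a:b]), parse_time(t2, der[c:d])

def notification_cadence(not_after, now):
    """Map days until expiration to the warning schedule this page describes."""
    days = (not_after - now).days
    if days <= 10:                   # includes already expired certificates
        return days, "daily"
    return (days, "every 3 days") if days < 30 else (days, "none")
```

Call `validity(open(path, "rb").read())` on the .CER file before uploading it, then pass the returned notAfter and `datetime.now(timezone.utc)` to `notification_cadence`.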
