JumpCloud's LDAP-as-a-Service allows users to connect using StartTLS (ldap://ldap.jumpcloud.com:389) or TLS / SSL (ldaps://ldap.jumpcloud.com:636). Many client applications/appliances require you to upload a Peer Certificate Authority when connecting to TLS / SSL. You can run the following commands from a Mac, Windows, or Linux terminal to acquire this at any time.
The following command outputs the certificate authority to the /tmp/ directory as jumpcloud.chain.pem:
echo -n | openssl s_client -connect ldap.jumpcloud.com:636 -showcerts | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/jumpcloud.chain.pem
The following command outputs only the JumpCloud LDAP Server certificate to the /tmp/ directory as jumpcloud.ldap.pem:
echo -n | openssl s_client -connect ldap.jumpcloud.com:636 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' > /tmp/jumpcloud.ldap.pem
This is a GoDaddy-signed certificate.
Depending on the LDAP client configuration requirements, the GoDaddy Root CA and Intermediate CA certificates may need to be saved to the local Trusted Root Certificate store. Both of these certificates can be obtained from the GoDaddy website repository.
LDAP Client Certificate Configuration Examples
Softerra LDAP Browser Certificate Store
This LDAP client has a Certificate Store that you can use to upload Trusted Root Certificate Authorities and Intermediate Certificate Authorities. Many clients only provide a single Trusted Root Certificate store. See your vendor documentation for details on the required client configuration and certificate format(s) accepted.
Duo Directory Sync LDAP Certificate Chain
The Duo Directory Synchronization configuration requires you to enter the full PEM formatted certificate chain in the SSL CA Certs section. The full PEM formatted certificate chain contents can be acquired using the first command mentioned at the beginning of this article. The command outputs a file called ‘jumpcloud.chain.pem’, which contains all certificates and includes the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- references for each certificate in the chain.
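Before pasting jumpcloud.chain.pem into a client, it helps to confirm that the file holds complete certificates and to record a SHA-256 fingerprint for each one, so they can be compared with fingerprints obtained from a source you trust. The following is an added example, not JumpCloud's or Duo's code; the function names and the sample data are assumptions made for illustration.

```python
import base64
import hashlib
import re

# Matches one PEM certificate block; text outside the markers
# (s_client banner lines, blank lines) is ignored.
_PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL
)

def split_chain(pem_text):
    """Return the DER bytes of every certificate in a PEM bundle, in file order."""
    begins = pem_text.count("-----BEGIN CERTIFICATE-----")
    ends = pem_text.count("-----END CERTIFICATE-----")
    if begins == 0:
        raise ValueError("no certificate found (did the connection fail?)")
    if begins != ends:
        raise ValueError("truncated bundle: %d BEGIN vs %d END markers" % (begins, ends))
    ders = []
    for body in _PEM_BLOCK.findall(pem_text):
        # validate=True rejects stray non-base64 characters inside a block
        ders.append(base64.b64decode("".join(body.split()), validate=True))
    return ders

def sha256_fingerprints(pem_text):
    """SHA-256 of each certificate's DER encoding, as colon-separated upper-case hex."""
    out = []
    for der in split_chain(pem_text):
        digest = hashlib.sha256(der).hexdigest().upper()
        out.append(":".join(digest[i:i + 2] for i in range(0, 64, 2)))
    return out

def _pem(payload):
    # Helper for the constructed sample only: wrap bytes in PEM armor.
    b64 = base64.b64encode(payload).decode()
    return "-----BEGIN CERTIFICATE-----\n" + b64 + "\n-----END CERTIFICATE-----\n"

# Constructed sample: placeholder bytes, not real certificates.
SAMPLE_CHAIN = _pem(b"constructed leaf") + _pem(b"constructed intermediate")

if __name__ == "__main__":
    # In practice: pem_text = open("/tmp/jumpcloud.chain.pem").read()
    for index, fp in enumerate(sha256_fingerprints(SAMPLE_CHAIN)):
        print("cert %d sha256 %s" % (index, fp))
```

The fingerprint format matches what openssl x509 -noout -fingerprint -sha256 prints for the same certificate.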