20.2.2. SSL

The setup is very similar to the one described on the LdapLoginModule wiki page.
You need to modify your identity configuration file and add the "protocol" option:
<datasource>
   <name>LDAP</name>
   <config>
      ...
      <option>
         <name>protocol</name>
         <value>ssl</value>
      </option>
      ...
   </config>
</datasource>
Then you need to import the LDAP server certificate into your keystore. You can use the following command:
keytool -import -file ldapcert.der -keystore ldap.truststore
Now you need to change the settings to use the alternative truststore. That can be done in properties-service.xml in the deploy directory:
<attribute name="Properties">
   javax.net.ssl.trustStore=../some/path/to/ldap.truststore
   javax.net.ssl.trustStorePassword=somepw
</attribute>
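A pre-restart consistency check for the three steps above, added here as an example and not part of the original guide: it parses both configuration fragments and reports a datasource without protocol=ssl, a missing truststore property, or a truststore path that does not resolve. The function names and the jvm_dir parameter (the directory the JVM is started from) are assumptions, and the sample XML is constructed from the fragments on this page.

```python
import os
import xml.etree.ElementTree as ET

# Constructed sample input, modelled on the fragments shown on this page.
SAMPLE_IDENTITY = """<datasource><name>LDAP</name><config>
  <option><name>protocol</name><value>ssl</value></option>
</config></datasource>"""
SAMPLE_PROPERTIES = """<attribute name="Properties">
   javax.net.ssl.trustStore=../some/path/to/ldap.truststore
   javax.net.ssl.trustStorePassword=somepw
</attribute>"""

def datasource_options(identity_xml):
    """Map each <datasource> name to its {option name: value} dict."""
    result = {}
    for ds in ET.fromstring(identity_xml).iter("datasource"):
        result[ds.findtext("name", "").strip()] = {
            o.findtext("name", "").strip(): o.findtext("value", "").strip()
            for o in ds.iter("option")}
    return result

def system_properties(properties_xml):
    """Parse the key=value lines inside <attribute name="Properties">."""
    props = {}
    for attr in ET.fromstring(properties_xml).iter("attribute"):
        if attr.get("name") != "Properties":
            continue
        for line in (attr.text or "").splitlines():
            key, sep, value = line.strip().partition("=")
            if sep:
                props[key.strip()] = value.strip()
    return props

def check_ldap_ssl(identity_xml, properties_xml, jvm_dir):
    """Return a list of findings; an empty list means the setup is consistent."""
    findings = []
    for name, opts in datasource_options(identity_xml).items():
        if opts.get("protocol", "").lower() != "ssl":
            findings.append(f"datasource {name}: protocol is not ssl")
    props = system_properties(properties_xml)
    store = props.get("javax.net.ssl.trustStore")
    # Assumption: a relative path resolves against the JVM's working directory.
    if not store:
        findings.append("javax.net.ssl.trustStore is not set")
    elif not os.path.isfile(os.path.join(jvm_dir, store)):
        findings.append(f"truststore not found: {store}")
    if not props.get("javax.net.ssl.trustStorePassword"):
        findings.append("javax.net.ssl.trustStorePassword is not set")
    return findings
```

javax.net.ssl.trustStore is a JVM-wide system property, so the truststore it names replaces the default trust anchors for every outbound TLS connection the server makes, not only the LDAP one.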