Secure Sockets Layer (SSL) and Transport Layer Security (TLS) with the Directory Server discusses using SSL with the Directory Server LDAP server. This information includes managing and creating trusted Certificate Authorities with Digital Certificate Manager.
Some of the LDAP servers accessed by the client use server authentication only. For these servers, you only need to define one or more trusted root certificates in the certificate store. With server authentication, the client can be assured that the target LDAP server has been issued a certificate by one of the trusted Certificate Authorities (CAs). In addition, all LDAP transactions that flow over the SSL connection with the server are encrypted. This includes the LDAP credentials that are supplied on application program interfaces (APIs) that are used to bind to the directory server. For example, if the LDAP server is using a high-assurance Verisign certificate, you should do the following:
If the LDAP server is using a privately issued server certificate, the server's administrator can supply you with a copy of the server's certificate request file. Import the certificate request file into your certificate store and mark it as trusted.
If you use the shell utilities to access LDAP servers that use both client authentication and server authentication, you must do the following: