Export the public key certificate to trust the LDAP certificate

When you configure Microsoft Active Directory for SSL access, you must export the public key certificate and import it into the application.

Before you begin

Role required: admin

About this task

If your Certificate Authority is not a trusted third party vendor, you must export the certificate for the issuing CA so we can trust it, and, by association, trust the LDAP server certificate. For MS Certificate Services users, you can view the certificate path by viewing the certificate in the console used to export; select the Certificate Path tab. You must export all certificates in the chain. You can find the CA certificate in the same folder as the LDAP certificate by looking for the name in the Certificate Path. Submit all certificates for importing to your instance.

Procedure

  1. From a current or new MMC console, add the Certificate (Local Computer) snap-in.
  2. Open the Personal/Certificates folder.
  3. Locate the new certificate. The Issued To column shows the FQDN of the domain controller.
  4. Right-click the certificate and select All Tasks/Export.
  5. Export to DER or Base-64 format. Name the file using the format: MyCompany.cer.
    This is the public key certificate the needs to be used on the instance to communicate securely with your domain controller.
  6. Test LDAPS locally before you submit the certificate to the instance.

What to do next

After completing this procedure, import the public key certificate into the application.

See Upload the LDAP X.509 SSL certificate to upload the certificate into the application.