Certificates Your instance requires certificates to establish secure connections and validate signatures. Certificates are used for features such as: LDAPS Outbound web services mutual authentication Web services security MID Server In order to use a certificate, you need to generate or purchase a certificate for the secured server or client and upload it to an instance. LDAP certificates An SSL certificate is required for the instance to establish an LDAP over SSL (LDAPS protocol) connection with an LDAP server. The instance accepts two types of LDAP certificates: Certificate Type Required for LDAP server certificate Any supported type All LDAP configurations LDAP client certificate Java keystore type Mutual authentication If there are multiple server certificates, the instance tries each server certificate in turn until the LDAP server allows the connection. If you use multiple LDAP servers, be sure to include the SSL certificate for each LDAP server. If your LDAP server requires mutual authentication, which requires the client to present a certificate in addition to the server, you must also provide your LDAP server's client certificate in a Java keystore type certificate. Certificate criteria A valid certificate must meet these criteria: The certificate can have a key size up to 2048 bits. The certificate must have one of these file extensions: Extension Description DER The Distinguished Encoding Rules format is a binary message transfer syntax. This format also supports the .CER and .CRT file extensions. CER Certificate file extensions for certificates using the Distinguished Encoding Rules format. CRT Certificate file extensions for certificates using the Distinguished Encoding Rules format. PEM The Privacy Enhanced Mail format is a base-64 encoded DER certificate enclosed between "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" text strings. Certificate trust By default, your instance trusts the Certificate Authority (CA) for a certificate. This ensures the instance accepts self-issued certificates. If you do not want to trust all certificates by default, set the following general security property to false: com.glide.communications.trustmanager_trust_all. Generate an LDAP client certificateGenerate an LDAP client certificate for mutual authentication using OpenSSL. The final output is a PKCS#12 certificate stored within a Java keystore. Generate a server certificateYou can use keytool to generate a new Java keystore file, create a certificate signing request (CSR), and import the private key, public certificate pair, and signed certificates into the keystore.Upload a certificate to an instanceYou can add a certificate to the instance from the Certificates module.Upload a trusted server certificateBy uploading the service provider's trusted server certificate, the instance ensures it is connecting to a valid and secure service.