Importing a server certificate from the LDAP into SA

For SSL, the necessary certificates must be extracted from the LDAP directory and copied to SA. To import a server certificate from the LDAP directory into SA, perform the following steps:

  1. Extract the server certificate from the external LDAP directory. For instructions, see the following sections.
  2. Convert the extracted certificate to PEM format.

    Certificates created on Windows systems are in Distinguished Encoding Rules (DER) format. The following example converts a certificate from DER to PEM format with the openssl utility:

    OpenSSL> x509 -inform DER -outform PEM -in mycert.der -out mycert.pem

  3. Copy the server certificate to the location specified by the LDAP configuration file (twist_custom.conf). For example, the twist_custom.conf file could have the following line:

    aaa.ldap.servercert.ca.fname=/var/opt/opsware/crypto/twist/ldapcert.pem

Extracting the server certificate from the Microsoft Active Directory

To extract the server certificate:

  1. Run either the Certificates MMC snap-in console or the Certificate Services web interface.
  2. Export the Root CA certificate from the Windows CA into DER format.

Extracting the server certificate from the Novell eDirectory

To extract the server certificate:

  1. Find out the name of the local CA entry. (Example: CN=CORP-TREE CA.CN=Security)
  2. Open the eDirectory Administration utility, and click Modify Object.
  3. Enter the entry name (CN=CORP-TREE CA.CN=Security).
  4. Select the Certificates tab.
  5. Click Self Signed Certificate.
  6. Click Export.
  7. In the dialog, click No for exporting the private key, and then click Next.
  8. Select the appropriate format (usually DER).
  9. Click Save the exported certificate to a file.

Extracting the server certificate from SunDS

Typically, instead of exporting a server CA certificate from SunDS, you obtain the certificate that was imported into SunDS.