Using SSL with the LDAP command line utilities
Use this information to understand how to use SSL with the LDAP command line utilities.
Secure Sockets Layer (SSL) and Transport Layer Security (TLS) with the Directory Server discusses using SSL with the Directory Server LDAP server. This information includes managing and creating trusted Certificate Authorities with Digital Certificate Manager.
Some of the LDAP servers accessed by the client use server authentication only. For these servers, you only need to define one or more trusted root certificates in the certificate store. With server authentication, the client can be assured that the target LDAP server has been issued a certificate by one of the trusted Certificate Authorities (CAs). In addition, all LDAP transactions that flow over the SSL connection with the server are encrypted. This includes the LDAP credentials that are supplied on application program interfaces (APIs) that are used to bind to the directory server. For example, if the LDAP server is using a high-assurance Verisign certificate, you should do the following:
- Obtain a CA certificate from Verisign.
- Use DCM to import it into your certificate store.
- Use DCM to mark it as trusted.
If the LDAP server is using a privately issued server certificate, the server's administrator can supply you with a copy of the server's certificate request file. Import the certificate request file into your certificate store and mark it as trusted.
If you use the shell utilities to access LDAP servers that use both client authentication and server authentication, do the following:
- Define one or more trusted root certificates in the system certificate store. This allows the client to be assured that the target LDAP server has been issued a certificate by one of the trusted CAs. In addition, all LDAP transactions that flow over the SSL connection with the server are encrypted. This includes the LDAP credentials that are supplied on application program interfaces (APIs) that are used to bind to the directory server.
- Create a key pair and request a client certificate from a CA. After receiving the signed certificate from the CA, receive the certificate into the key ring file on the client.
Related concepts
Secure Sockets Layer (SSL) and Transport Layer Security (TLS) with the Directory Server