Use this procedure only if you enabled SSL for the Active Directory Connector after installing the Connector or if invalid credentials were provided during installation.
On the machine where the Active Directory Connector is installed, stop the Identity Synchronization for Windows service/daemon.
Assuming the Active Directory Connector has connector ID CNN101 (see logs/central/error.log for a mapping from connector ID to the directory source it manages), go to its certificate database directory on the machine where it was installed, and import the certificate file:
If the certificate was retrieved using certutil, type:
<ISW-server-root>\shared\bin\certutil.exe -A -d . -n ad-ca-cert -t C,, -i \cacert.bin
<ISW-server-root>\shared\bin\certutil.exe -A -d . -n ad-ca-cert -t C,, -a -i \ad-cert.txt
<ISW-server-root> is the path in which the ISW-hostname directory is present.
On Solaris, the certificate can be imported using the dsadm command in the following manner:
/opt/SUNWdsee/ds6/bin/dsadm add-cert -C <DS-server-root>/slapd-<hostname>/ ad-ca-cert cacert.bin
where ad-ca-cert is the name assigned to the certificate after the import, and cacert.bin is the certificate file to be imported.
Restart the Identity Synchronization for Windows service/daemon.
Because the Directory Server certutil.exe is installed automatically when you install Directory Server, you will not be able to add a CA certificate to a connector installed on a machine with no Directory Server.
At a minimum, you must install the Sun Java System Server Basic Libraries and Sun Java System Server Basic System Libraries from the Directory Server package on the server where the Active Directory Connector is installed. (You do not have to install the Administration Server or Directory Server components.)
In addition, be sure to select the JRE subcomponent from the Console (to ensure your ability to uninstall).
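The two certutil import commands above differ only in the -a option, which tells certutil the input file is ASCII (base64) rather than binary. The following pre-import check is an added example, not part of the original procedure or the product: it detects which encoding a certificate file uses, computes a SHA-256 fingerprint to compare against the value reported by the Active Directory CA before the certificate is trusted, and builds the matching argument list. The function names are hypothetical, the sample bytes are constructed, and it assumes cacert.bin is DER and ad-cert.txt is PEM.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def load_cert(data: bytes):
    """Return (der_bytes, is_ascii) for a certificate file's contents."""
    m = PEM_RE.search(data)
    if m:
        # ASCII (base64) file: decode the body to the DER bytes inside it.
        der = base64.b64decode(b"".join(m.group(1).split()), validate=True)
        is_ascii = True
    else:
        der, is_ascii = data, False
    # A DER certificate is an ASN.1 SEQUENCE, so it must start with 0x30.
    if not der or der[0] != 0x30:
        raise ValueError("not a DER or PEM certificate")
    return der, is_ascii


def fingerprint(der: bytes) -> str:
    """SHA-256 of the DER bytes as colon-separated hex."""
    h = hashlib.sha256(der).hexdigest().upper()
    return ":".join(h[i:i + 2] for i in range(0, len(h), 2))


def import_args(path: str, data: bytes, nickname: str = "ad-ca-cert"):
    """certutil arguments from the procedure; -a is added only for ASCII input."""
    _, is_ascii = load_cert(data)
    args = ["certutil.exe", "-A", "-d", ".", "-n", nickname, "-t", "C,,"]
    if is_ascii:
        args.append("-a")
    return args + ["-i", path]


# Constructed sample bytes (DER-shaped, not a real certificate).
SAMPLE_DER = bytes([0x30, 0x03, 0x02, 0x01, 0x01])
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.b64encode(SAMPLE_DER)
              + b"\n-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    for name, blob in ((r"\cacert.bin", SAMPLE_DER), (r"\ad-cert.txt", SAMPLE_PEM)):
        der, _ = load_cert(blob)
        print(fingerprint(der), " ".join(import_args(name, blob)))
```

The same certificate yields the same fingerprint in either encoding, so a mismatch against the CA's published value means the file is not the certificate you intended to trust.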