If you do not want to use the Directory Server's certificate database, you
can create a certificate database for the NT synchronization service using
Communicator 4.x. When you do this, you only need to trust the Directory
Server's Certificate Authority (you do not need to obtain any client or server
certificates).