Sun Java System Directory Server Enterprise Edition 6.3 Installation Guide

Adding Active Directory Certificates to Directory Server


Note –

Make sure that you have enabled SSL in Directory Server.


Procedure: To Add the Active Directory CA Certificate to the Directory Server Certificate Database

  1. Retrieve the Active Directory CA certificate using one of the following methods:

  2. Stop Directory Server.

  3. Import cacert.bin into the <DS-server-root>\slapd-hostname\alias folder on Windows, or into the <DS-server-root>/slapd-hostname/alias directory on Solaris and Linux.

  4. On the machine where Directory Server is installed, import the Active Directory CA certificate as follows:

    • If the certificate was retrieved using certutil, type:


      <ISW_server_root>\shared\bin\certutil.exe -A -d . -P slapd-hostname- -n ad-ca-cert -t C,, -i \cacert.bin
    • If the certificate was retrieved using LDAP, type:


      <ISW_server_root>\shared\bin\certutil.exe -A -d . -P slapd-hostname- -n ad-ca-cert -t C,, -a -i \ad-cert.txt

      <ISW_server_root> is the path where the ISW-hostname directory is present.

    • If the certificate was retrieved using the dsadm command (on Solaris), type:


      /opt/SUNWdsee/ds6/bin/dsadm add-cert -C <DS-server-root>/slapd-<hostname>/ ad-ca-cert cacert.bin

      Where ad-ca-cert is the name assigned to the certificate after the import, and cacert.bin is the certificate file to be imported.

  5. Start Directory Server.
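
The two certutil commands in step 4 differ only in the -a (ASCII input) option, so importing a file with the wrong encoding is an easy mistake. The following POSIX shell sketch is an added example, not part of the original guide or the product: it picks the option from the file's actual encoding and checks a certificate listing for the expected C,, trust flags. The helper names are hypothetical, and the listing is a constructed sample in the layout printed by NSS certutil -L.

```shell
#!/bin/sh
# Added example; helper names are hypothetical, not part of the product.

# Print "pem" for a PEM certificate file, "der" if the file starts with an
# ASN.1 SEQUENCE tag (0x30), otherwise "unknown".
cert_encoding() {
    if grep -q -- '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null; then
        echo pem
    elif [ "$(od -An -tx1 -N1 "$1" 2>/dev/null | tr -d ' \n')" = "30" ]; then
        echo der
    else
        echo unknown
    fi
}

# Print the certutil arguments from step 4 for file $1, adding -a only when
# the file is ASCII (PEM). Fails for anything that is not a certificate.
import_args() {
    base="-A -d . -P slapd-hostname- -n ad-ca-cert -t C,,"
    case "$(cert_encoding "$1")" in
        pem) echo "$base -a -i $1" ;;
        der) echo "$base -i $1" ;;
        *)   echo "unrecognised certificate encoding: $1" >&2; return 1 ;;
    esac
}

# Read a `certutil -L` listing on stdin (same -d and -P as the import) and
# succeed only if nickname $1 (no spaces) carries exactly trust flags $2.
has_trust() {
    awk -v n="$1" -v t="$2" '$1 == n && $NF == t { ok = 1 } END { exit !ok }'
}

# Constructed sample listing, for illustration only.
sample_listing() {
    cat <<'EOF'
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

ad-ca-cert                                                   C,,
Server-Cert                                                  u,u,u
EOF
}
```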