Make sure that you have enabled SSL in Directory Server.
Retrieve the Active Directory CA certificate using one of the following methods:
Stop Directory Server.
Import cacert.bin into the <DS-server-root>\slapd-hostname\alias folder on Windows and for Solaris and Linux import it into <DS-server-root>/slapd-hostname/alias directory.
On the machine where Directory Server is installed, import the Active Directory CA certificate as follows:
If the certificate was retrieved using certutil, type:
<ISW_server_root>\shared\bin\certutil.exe -A -d . -P slapd-hostname- -n ad-ca-cert -t C,, -i \cacert.bin |
If the certificate was retrieved using LDAP, type:
<ISW_server_root>\shared\bin\certutil.exe -A -d . -P slapd-hostname- -n ad-ca-cert -t C,, -a -i \ad-cert.txt |
ISW-server-root is the path where ISW-hostname directory is present
If the certificate was retrieved using the dsadm command (on Solaris), type:
/opt/SUNWdsee/ds6/bin/dsadm add-cert -C <DS-server-root> /slapd-<hostname>/ ad-ca-cert cacert.bin |
Where ad-ca-cert is the name of the certificate assigned after the import and cacert.bin is the certificate about to be imported
Start Directory Server.