Adding Directory Server Certificates to the Directory Server Connector
If you enable SSL communication between the Directory Server Plug-in and Active Directory,
then you must add the Active Directory CA Certificate to the certificate database of
each Directory Server master.
To Add the Directory Server Certificates to the Directory Server Connector
- On the machine where the Directory Server Connector is installed, stop the Identity
Synchronization for Windows service/daemon.
- Retrieve the Directory Server CA certificate.
- Assuming the Directory Server Connector has connector ID CNN100 (see logs/example/error.log for
a mapping from connector ID to the directory source it manages), go to
its certificate database directory on the machine where it was installed, and import
the cacert.bin file:
<ISW_server_root>\shared\bin\certutil.exe -A -d . -n ds-cert -t C,, -i C:\s-cert
<ISW_server_root> is the path where the ISW-hostname directory is present.
- Restart the Identity Synchronization for Windows service/daemon.
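
The import step above, wrapped with checks before and after it, as an added example that is not part of the original documentation. The function name, its parameters and the fingerprint comparison are assumptions for illustration. It expects the service to be stopped already and uses only the certutil options shown above plus -L, which lists the database contents.

```powershell
# Added example: validate a CA certificate, import it with certutil, confirm the trust flags.
# Function and parameter names are hypothetical; pass paths that match your installation.
# Usage: Import-ConnectorCaCert -CertUtil <path to certutil.exe> -DbDir . -CertFile <CA cert file>
function Import-ConnectorCaCert {
    param(
        [Parameter(Mandatory)] [string] $CertUtil,   # full path to certutil.exe
        [Parameter(Mandatory)] [string] $DbDir,      # connector certificate database directory
        [Parameter(Mandatory)] [string] $CertFile,   # CA certificate retrieved in the earlier step
        [string] $Nickname = 'ds-cert',
        [string] $ExpectedSha256                     # fingerprint obtained out of band (optional)
    )

    # Resolve first: .NET resolves relative paths against the process directory, not the PS location.
    $path = (Resolve-Path -LiteralPath $CertFile).Path
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($path)

    # Trust flag C marks a trusted CA for SSL, so refuse anything not marked as a CA.
    # Strict by design: a legacy CA certificate without Basic Constraints is rejected too.
    $bc = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension] }
    if (-not ($bc -and $bc.CertificateAuthority)) { throw "Not a CA certificate: $($cert.Subject)" }

    $now = Get-Date
    if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
        throw "Certificate outside validity period: $($cert.NotBefore) to $($cert.NotAfter)"
    }

    # Fingerprint over the DER encoding, so PEM and binary files give the same value.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fp  = [System.BitConverter]::ToString($sha.ComputeHash($cert.RawData)) -replace '-', ''
    Write-Host "Subject: $($cert.Subject)`nSHA-256: $fp"
    if ($ExpectedSha256 -and ($fp -ne ($ExpectedSha256 -replace '[:\s-]', '').ToUpper())) {
        throw 'Fingerprint does not match the expected value; not importing.'
    }

    & $CertUtil -A -d $DbDir -n $Nickname -t 'C,,' -i $path
    if ($LASTEXITCODE -ne 0) { throw "certutil -A failed with exit code $LASTEXITCODE" }

    # certutil -L lists each nickname with its trust attributes; confirm ours shows C,,
    $listing = & $CertUtil -L -d $DbDir
    $pattern = '^{0}\s+C,,' -f [regex]::Escape($Nickname)
    if (-not ($listing | Select-String -Pattern $pattern)) {
        throw "Nickname '$Nickname' with trust C,, not found in $DbDir"
    }
    "Imported $Nickname ($fp)"
}
```

Compare the printed SHA-256 value with the fingerprint reported by the CA's administrator before restarting the service.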