Installing an eDirectory LDAP certificate into the Softerra 2.x browser

  • 3008077
  • 29-Jun-2006
  • 30-Apr-2012

Environment


Novell Certificate Server (PKIS) 3.1.1
Novell Certificate Server (PKIS) 2.79
Novell eDirectory 8.7.3.8 for All Platforms

Situation

The Softerra 2.x browser is unable to connect to eDirectory's LDAP services over a secure connection.

Attempts to connect result in "[Error 91]: Can't connect to the LDAP server".

Resolution

Softerra's 2.x LDAP browser uses the cert7.db certificate store format. Attempts to import and export the certificate using Microsoft's Internet Explorer or Firefox fail because these browsers use the cert8.db store format. The legacy Netscape browser must be used to perform the import because it uses the cert7.db format. The steps are:
1. Download and install the 4.x Netscape browser. This can be found at:
   http://browser.netscape.com/ns8/download/archive47x.jsp
2. Run the browser and connect to the secure LDAP port of your server.
   Example: https://myserver:636
3. A certificate acceptance prompt will be displayed. Follow the instructions provided in the dialogs to accept the certificate for this and future sessions. This imports the public key of the LDAP server into the Netscape browser's cert7 certificate store.
4. Close the browser. Copy the Netscape cert7.db and key3.db files to the Softerra program directory. The default locations are:
   c:\Program Files\Netscape\Users\default
   c:\Program Files\Softerra\LDAP Browser 2.6
5. Start the Softerra LDAP browser.
6. Open the server profile setup and make the following changes:
   • Ensure the correct LDAP secure port is shown in the General tab, then press Apply.
   • Make sure the "Try to use SSL" checkbox is enabled in the LDAP settings dialog, then press OK.

LDAP SSL connections should now be successful.
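
Step 3 accepts whatever certificate the server on port 636 presents, so it is worth comparing that certificate's fingerprint with one obtained from the eDirectory administrator before accepting it. The Python script below is an added example, not part of the original Novell document; it fetches the certificate without validating it and prints MD5, SHA-1 and SHA-256 fingerprints (older tools typically display MD5 or SHA-1). The script name, HOST and EXPECTED_FINGERPRINT are placeholders you supply.

```python
import hashlib
import hmac
import ssl
import sys

# Hex-digest length -> algorithm, so an expected value identifies its own hash.
ALGS_BY_HEX_LEN = {32: "md5", 40: "sha1", 64: "sha256"}


def fingerprints(der):
    """Colon-separated, upper-case fingerprints of DER certificate bytes."""
    out = {}
    for alg in ALGS_BY_HEX_LEN.values():
        digest = hashlib.new(alg, der).hexdigest().upper()
        out[alg] = ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))
    return out


def matches(der, expected):
    """Compare the certificate against a fingerprint obtained out of band."""
    want = "".join(ch for ch in expected if ch not in ": -\t").lower()
    alg = ALGS_BY_HEX_LEN.get(len(want))
    if alg is None:
        raise ValueError("expected an MD5, SHA-1 or SHA-256 fingerprint")
    return hmac.compare_digest(hashlib.new(alg, der).hexdigest(), want)


def fetch_der(host, port=636):
    """Fetch the server certificate; the chain is NOT validated here."""
    pem = ssl.get_server_certificate((host, port))
    return ssl.PEM_cert_to_DER_cert(pem)


if __name__ == "__main__":
    if len(sys.argv) < 2:
        sys.exit("usage: ldaps_fp.py HOST [EXPECTED_FINGERPRINT]")
    der = fetch_der(sys.argv[1])  # HOST is a placeholder, e.g. myserver
    for alg, fp in fingerprints(der).items():
        print(f"{alg:>6}: {fp}")
    if len(sys.argv) > 2:
        ok = matches(der, sys.argv[2])
        print("MATCH" if ok else "MISMATCH: do not accept this certificate")
        sys.exit(0 if ok else 1)
```

If the server offers only older SSL/TLS protocol versions, a current Python/OpenSSL build may refuse the handshake before any certificate is returned.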