ldapssl_add_trusted_cert error -1

  • 7014291
  • 13-Dec-2013
  • 15-Dec-2013

Environment

NetIQ eDirectory
NetIQ iManager
NetIQ Modular Authentication Service (NMAS)

Situation

Documentation for authentication methods calls for the private key of the LDAP certificate.
Using the LDAP secure certificate produces an add_trusted_cert_error.
The LDAP secure certificate becomes "untrusted".

Resolution

For certain authentication methods that require secure LDAP connections, the documentation may require the use of a "Private Key". This private key is part of the authentication chain that the eDirectory Certificate Authority creates when creating a secure LDAP certificate.

To procure this private key, do the following:

1. Log in to iManager.
2. Click View Objects on the upper toolbar on the screen.
3. Click the Security container to view its contents.
4. Click your Certificate Authority. (This object may have the words "certificate authority" or "CA" in its name.)
5. Click the Certificates tab. You should see two certificates. One of them should be called Self Signed Certificate.
6. Check the box beside Self Signed Certificate.
7. Click Export.

Depending on your method of authentication and its documentation, you may need to export the private key (if the method or documentation requires a PKCS12 or PFX file) or not export it (if the method or documentation requires a DER or BASE64 file).

  • If the documentation states that you need the private key, the password can be any password of your choosing.
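An added example, not part of the original article or of NetIQ's code: a Python check that an exported file is the kind the documentation asks for, PKCS12/PFX when the private key is required and DER or BASE64 when it is not. It assumes BASE64 exports carry `-----BEGIN CERTIFICATE-----` armor; the function names and the stub bytes are constructed for illustration.

```python
import base64
import re

PEM_CERT = re.compile(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def _tlv(buf, pos=0):
    """Return (tag, value_offset, value_length) for the DER element at pos."""
    if len(buf) < pos + 2:
        raise ValueError("truncated DER")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, length

def _der_kind(der):
    """Tell an X.509 certificate from a PKCS#12 (PFX) container by its first field."""
    tag, off, _ = _tlv(der)
    inner, ioff, ilen = _tlv(der, off)
    if tag != 0x30:                        # both structures are an outer SEQUENCE
        return "unknown"
    if inner == 0x30:                      # Certificate opens with the tbsCertificate SEQUENCE
        return "certificate"
    if inner == 0x02 and der[ioff:ioff + ilen] == b"\x03":   # PFX opens with INTEGER version 3
        return "pkcs12"
    return "unknown"

def classify_export(data):
    """Return 'DER', 'BASE64', 'PKCS12' or 'unknown' for an exported file's bytes."""
    m = PEM_CERT.search(data)
    try:
        kind = _der_kind(base64.b64decode(m.group(1)) if m else data)
    except ValueError:                     # truncated DER or invalid base64 padding
        return "unknown"
    if m:
        return "BASE64" if kind == "certificate" else "unknown"
    return {"certificate": "DER", "pkcs12": "PKCS12"}.get(kind, "unknown")

def export_matches(data, needs_private_key):
    """True when the file is the kind the method's documentation calls for."""
    kind = classify_export(data)
    return kind == "PKCS12" if needs_private_key else kind in ("DER", "BASE64")

# Constructed stubs: outer ASN.1 structure only, not real certificates or keys.
DER_STUB = bytes.fromhex("30053003020102")
PFX_STUB = bytes.fromhex("30050201033000")
B64_STUB = b"-----BEGIN CERTIFICATE-----\n" + base64.b64encode(DER_STUB) + b"\n-----END CERTIFICATE-----\n"
```

For a real export, pass the file's bytes, for example `export_matches(open(path, "rb").read(), needs_private_key=False)`, where `path` is wherever you saved the export.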