Where can I obtain statistics regarding indicative Directory storage space requirements for SecureLogin SSO data such as application definitions, password policies, preferences and credentials?
The following steps will allow you to retrieve the certificate in a format that SecureLogin is able to use. This article requires you to have the Sun Directory server already configured for LDAPS communications using a self signed certificate.
The steps that we will be performing for this method will require you to extract the certificate to a PKCS#12 file and then import / export from Internet Explorer to retrieve just the public side of the certificate.
- Export the self signed certificate using dsadm. During the export since the private key will be exported you will need to enter a password (twice) to secure the file. This password will be used when importing into Internet Explorer.
Dsadm export cert o <export name;gt; <certificate alias> Dsadm export cert o /tmp/selfsigned-export.pkcs12 LDAPCert
- Copy the exported certificate to the Windows machine.
- Import certificate into Internet Explorer (our example uses IE7):
a. Launch Internet Explorer
b. Select Tools
c. Select Internet Options
d. Select the Content tab
e. Click Certificates
f. Click Import to launch the import wizard.
i. Click Next
ii. Enter or Browse for the file you copied in Step 2
iii. Click Next
iv. Enter the password from Step 1
v. Click Next
vi. Ensure the certificate store is set to Personal
vii. Click Next
viii. Click Finished
g. You should receive a message indicating that the certificate import was successful. Click OK to dismiss the dialog.
h. Your certificate should be now listed in your Personal store.
- Export the public key certificate from Internet Explorer:
a. Select the certificate we just imported
b. Click Export to start the wizard
i. Click Next
ii. Ensure No, do not export the private Key is selected and press Next
iii. Select the format you wish to have the certificate exported as and press Next. SecureLogin SSO will allow either Base-64 or DER encoded files and determines the type based on the name. If the extension is .DER it will use DER encoding for the file, otherwise it will use Base-64 encoding.
iv. Browse or enter a path and filename for the certificate&&& and press Next
v. Press Finish to export the certificate.
c. You should receive a message indicating that the certificate export was successful. Click OK to dismiss the dialog.
- Remove the imported certificate from the PC / Internet Explorer
a. Ensure the certificate you imported is still selected
b. Click Remove
c. Select Yes on the warning dialog
d. Close the certificate page
e. Close the Internet Options page
f. Close Internet Explorer
- Rename the DER exported file from CER to DER
a. When exporting DER files from Microsoft utilities, they typically will append the extension .CER. Because of this, SecureLogin will not recognize the file as DER encoded and think it is Base-64 encoder and fail. Locate the file and rename it from .CER to .DER so that SecureLogin can utilize it.