Overview#The following steps create a Self Signed .der file that is useable for general-purpose LDAPS, and is required when creating a KMO signed by this Certificate Authority from EDirectory using Imanager for use in another tree.
If you already have a known working copy of this file for the Enterprise Tree, you can skip this section.
- In ConsoleOne or Imanager, select the Enterprise tree. Click the Security container
- right-click the Certificate Authority object
This is in the Security COntainer and is typically labeled like: .ou=organizational ca.o=IDV
- Click Properties > Certificates-Self-Signed Certificate.
- Click Export.
- Click File in Binary DER Format > click Export
- Save the file to a Known Location.
NOTE: Normally you would not "Export The Private Key" with a certificate. However, this shouild be done on every tree as a Disaster Recovery proceedure. Refer to Backing Up the Certificate Authroirty for how to accomplish this task.
GREAT CARE should be taken to protect the private key for the Certificate Authority.