Exporting The Certificate Authority Certificate


The following steps create a Self Signed .der file that is useable for general-purpose LDAPS, and is required when creating a KMO signed by this Certificate Authority from EDirectory using Imanager for use in another tree.

If you already have a known working copy of this file for the Enterprise Tree, you can skip this section.

This is in the Security COntainer and is typically labeled like:
       .ou=organizational ca.o=IDV
  • Click Properties > Certificates-Self-Signed Certificate.
  • Click Export.
  • Click File in Binary DER Format > click Export
  • Save the file to a Known Location.

NOTE: Normally you would not "Export The Private Key" with a certificate. However, this shouild be done on every tree as a Disaster Recovery proceedure. Refer to Backing Up the Certificate Authroirty for how to accomplish this task.

GREAT CARE should be taken to protect the private key for the Certificate Authority.

Using ldapsearch#

There are other ways to obtain the Obtain a Certificate from Server

More Information#

There might be more information for this subject on one of the following: