Overview#

The following steps create a Self Signed .der file that is useable for general-purpose LDAPS, and is required when creating a KMO signed by this Certificate Authority from EDirectory using Imanager for use in another tree.

If you already have a known working copy of this file for the Enterprise Tree, you can skip this section.

• In ConsoleOne or Imanager, select the Enterprise tree. Click the Security container
• right-click the Certificate Authority object

 
This is in the Security COntainer and is typically labeled like:
       .ou=organizational ca.o=IDV

• Click Properties > Certificates-Self-Signed Certificate.
• Click Export.
• Click File in Binary DER Format > click Export
• Save the file to a Known Location.

NOTE: Normally you would not "Export The Private Key" with a certificate. However, this shouild be done on every tree as a Disaster Recovery proceedure. Refer to Backing Up the Certificate Authroirty for how to accomplish this task.

GREAT CARE should be taken to protect the private key for the Certificate Authority.

Using ldapsearch#

There are other ways to obtain the Obtain a Certificate from Server

More Information#

There might be more information for this subject on one of the following:

• Creating KMO Signed By An External Certificate Authority
• Disaster Recovery
• Edirectory Certificate Management
• Generating Dirxml Certificates For Edir2Edir Drivers