!!! Overview
The following steps create a Self Signed .der file that is useable for general-purpose LDAPS, and is required when creating a KMO signed by this [Certificate Authority] from [EDirectory] using [Imanager] for use in another tree. 

If you already have a known working copy of this file for the Enterprise Tree, you can skip this section.
*In ConsoleOne or [Imanager], select the Enterprise tree.  Click the Security container 
* right-click the [Certificate Authority] object
{{{ 
This is in the Security COntainer and is typically labeled like:
       .ou=organizational ca.o=IDV
}}}
* Click Properties > Certificates-Self-Signed Certificate.
* Click Export.
* Click File in Binary DER Format > click Export
* Save the file to a Known Location.

__NOTE:__ Normally you would not "Export The Private Key" with a certificate. However, this shouild be done on every tree as a Disaster Recovery proceedure. [Refer to Backing Up the Certificate Authroirty|Backing Up The Organizational CA] for how to accomplish this task.

__GREAT CARE__ should be taken to protect the private key for the Certificate Authority.

!! Using ldapsearch
There are other ways to obtain the [Obtain a Certificate from Server]

!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]