Example

The following procedure shows how to obtain a certificate file from a Windows Active Directory server. The .pem format certificate file should be named em_ldap_ssl.pem; the file receives this name in step 8b of the procedure.

  1. Select Programs => Administrative Tools => Certification Authority to open the Certification Authority application.
  2. Right-click Certification Authority, and select Properties.
  3. Click View Certificate to view the certificate’s page.
  4. In the Details tab, click Copy to file to start the Certificate Export Wizard.
  5. In the Export File Format page, select the Base-64 Encoded X.509 (.cer) format and click Next.
  6. Enter a file name with a .cer extension that includes the Active Directory server name.
  7. Complete the steps in the wizard to create an exported copy of the Certification Authority certificate for the Active Directory server.
  8. Convert the certificate from .cer format to .pem format as follows:
    a. Using FTP or another file copying application, copy the Active Directory server certificate file you just created to a system on which the Active Directory client runs.
    b. Log on to the system where you copied the certificate and run the following command:

      openssl x509 -in <AD_certificate_name> -out em_ldap_ssl.pem

      <AD_certificate_name> represents the file name given in step 6.

    NOTE: For a certificate file obtained from a different LDAP server, rename the file to em_ldap_ssl.pem.

    The location and name of the certificate (.pem) file can be changed by setting the TLS_CACERT parameter in the <Control-M/EM_directory>/etc/ldap.conf file to the new path and name.
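
The conversion in step 8b, extended with checks worth running before the file becomes the LDAP client's trust anchor, as an added example that is not part of the original documentation. The file may have crossed an unauthenticated channel such as FTP, so the script prints the fingerprint for comparison with the certificate on the CA. The function names and the constructed sample certificate generator are assumptions of this example.

```shell
#!/bin/sh
# Added example: convert the exported CA certificate and sanity-check the
# result before it becomes the LDAP client's trust anchor (TLS_CACERT).

# convert_ca_cert <exported.cer> <out.pem>
# Accepts a Base-64 or a DER export; leaves no output file on failure.
convert_ca_cert() {
    if grep -q -- '-----BEGIN CERTIFICATE-----' "$1"; then form=PEM; else form=DER; fi
    openssl x509 -inform "$form" -in "$1" -out "$2" 2>/dev/null || { rm -f "$2"; return 1; }
}

# check_ca_pem <file.pem>
# Returns 1 if unparsable, 2 if expired or expiring within 24 hours,
# 3 if the certificate is not a CA certificate, 0 otherwise.
check_ca_pem() {
    openssl x509 -in "$1" -noout 2>/dev/null || { echo "not a PEM certificate" >&2; return 1; }
    openssl x509 -in "$1" -noout -checkend 86400 >/dev/null || { echo "expired or expiring" >&2; return 2; }
    openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE' || { echo "not a CA certificate" >&2; return 3; }
    # Compare the SHA-1 fingerprint with the Thumbprint shown in the Details tab.
    openssl x509 -in "$1" -noout -subject -enddate -fingerprint -sha1
}

# make_sample_cert <out.pem> <TRUE|FALSE>
# Constructed test input only: a throwaway self-signed certificate.
make_sample_cert() {
    cfg=$(mktemp)
    printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=ext' 'prompt=no' \
        '[dn]' 'CN=Constructed Sample' '[ext]' "basicConstraints=critical,CA:$2" > "$cfg"
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$cfg" \
        -keyout "$cfg.key" -out "$1" 2>/dev/null
    rc=$?; rm -f "$cfg" "$cfg.key"; return "$rc"
}

# Usage: sh check_ca.sh <exported.cer> em_ldap_ssl.pem
if [ "$#" -eq 2 ]; then
    convert_ca_cert "$1" "$2" && check_ca_pem "$2"
fi
```

A non-zero exit status means the file should not be installed as em_ldap_ssl.pem until the export is repeated or the certificate is replaced.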

For Control-M/EM installed on Windows:

  1. Obtain a .pem format certificate file from the directory server. The procedure for creating and exporting certificate files differs for each LDAP server vendor. Ask your LDAP server administrator for the correct certificate file.

    For an example of how to obtain a certificate from Windows Active Directory, see the Example above.
  2. Place the certificate file in the proper location and follow the SSL certificate installation instructions, as provided by Microsoft, using the MMC utility.

For more information about continuing the LDAP and SSL configuration, see Administration.
