Obtaining a certificate file from the Windows Active Directory server

This procedure describes how to obtain a certificate file from the Windows Active Directory server. The .pem format certificate file must be renamed to em_ldap_ssl.pem. The rename procedure is outlined in the Active Directory server example in step 8b.

  1. Select Programs > Administrative Tools > Certification Authority to open the Certification Authority application.
  2. Right-click Certification Authority, and select Properties.
  3. Click View Certificate to view the certificate’s page.
  4. In the Details tab, click Copy to file to start the Certificate Export Wizard.
  5. In the Export File Format page, select the Base-64 Encoded X.509 (.cer) format and click Next.
  6. Enter a file name with a .cer extension that includes the Active Directory server name.
  7. Complete the steps in the wizard to create an exported copy of the Certification Authority for the Active Directory server.
  8. Convert the certificate from .cer format to .pem format as follows:
    a. Using FTP or another file copying application, copy the Active Directory server certificate file you just created to a system on which the Active Directory client runs.
    b. Log on to the system where you copied the certificate and run the following command:

      openssl x509 -in <AD certificate name> -out em_ldap_ssl.pem

      <AD certificate name> represents the file name given in step 6.
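
Step 8 installs whatever file arrived over FTP as the trust anchor for LDAP over SSL, so it is worth comparing the file's thumbprint with the one shown on the server before converting it. The following is an added example, not part of the original procedure: it assumes you noted the SHA-1 Thumbprint value from the Details tab used in step 4, and the function names and `SAMPLE_DER` are hypothetical and constructed for illustration.

```python
import base64
import hashlib
import re
import sys

PEM_BLOCK = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)
# Constructed stand-in bytes, NOT a real certificate: a thumbprint is only a
# hash of the encoded file, so any byte string starting with 0x30 works here.
SAMPLE_DER = b"\x30\x10" + b"constructed-data"

def load_der(data: bytes) -> bytes:
    """Return the DER bytes of a Base-64 (.cer/.pem) or binary DER export."""
    match = PEM_BLOCK.search(data)
    if match:  # split() drops LF and CRLF line breaks alike
        return base64.b64decode(b"".join(match.group(1).split()), validate=True)
    if data[:1] == b"\x30":  # ASN.1 SEQUENCE: DER was selected in step 5
        return data
    raise ValueError("not a PEM or DER certificate file")

def normalize_thumbprint(text: str) -> str:
    """Keep hex digits only: drops spaces, colons and invisible characters
    that can come along when the value is copied out of a Windows dialog."""
    return re.sub(r"[^0-9A-Fa-f]", "", text).lower()

def thumbprint_matches(cert_bytes: bytes, expected: str) -> bool:
    """Compare the file's SHA-1 thumbprint with the recorded one."""
    actual = hashlib.sha1(load_der(cert_bytes)).hexdigest()
    return actual == normalize_thumbprint(expected)

def to_pem(cert_bytes: bytes) -> str:
    """Re-encode the certificate as PEM with 64-character lines."""
    b64 = base64.b64encode(load_der(cert_bytes)).decode("ascii")
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"

def install(cer_path: str, expected: str, out_path: str = "em_ldap_ssl.pem") -> None:
    """Write out_path only if the copied file matches the thumbprint."""
    with open(cer_path, "rb") as fh:
        data = fh.read()
    if not thumbprint_matches(data, expected):
        raise ValueError("thumbprint mismatch: do not install this file")
    with open(out_path, "w", newline="\n") as fh:
        fh.write(to_pem(data))

if __name__ == "__main__":  # usage: script.py <exported .cer> "<thumbprint>"
    install(sys.argv[1], sys.argv[2])
```

The thumbprint must reach the client by a channel other than the one that carried the file, for example read from the server console.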
