I have a DPS 7.0 with SSL enabled, and the need is to provide a certificate to the client for SSL communication. Could someone tell me what the exact process is for this?
I tried the following way to export the cert and provide it to the client to utilize within ldapsearch, but it does not work.
dpadm show-cert -o /tmp/secureldap-QA-ca-1 -F ascii /appl/ldap/DS70/Proxy1/ "secureproxy"
This looks like the right command to use.
However, the procedure to import that cert into the client db and make it trusted depends on the client. What client are you using for your tests?
With recent Softerra browser releases, in case the certificate presented by the LDAP server appears valid, the server certificate is automatically accepted. If it turns out that the certificate validation fails, then a "Security Alert" dialog is displayed.
When dealing with a "Security Alert" dialog, the user has the following options:
With older releases, you have to install the certificate exported from DPS in the Softerra trusted cert db as described in the Softerra doc.
The exact procedure to apply depends on the ldapsearch version you are using.
Assuming you are using the ldapsearch command shipped with DSEE 7.0, you must import the DPS certificate in a cert db format supported by ldapsearch.
To specify which cert db to use, have a look at the -P and -K options of ldapsearch.
To create a cert db and import the DPS cert into it, you can use the certutil tool. Have a look at the post https://blogs.oracle.com/jo/entry/sun_directory_server_6_x
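The steps from the reply above (check the file exported by dpadm show-cert, create a cert db with certutil, import the certificate as trusted, then point ldapsearch at the db with -P), as an added shell example that is not part of the thread. The db directory, nickname, trust flags and the host, port and base DN arguments are assumptions; certutil is assumed to be the NSS tool and to create a db format the DSEE ldapsearch can read.

```shell
#!/bin/sh
# Added example, not from the thread. Paths, nickname and trust flags are assumptions.
CERT_FILE=${CERT_FILE:-/tmp/secureldap-QA-ca-1}  # file written by dpadm show-cert -F ascii
DB_DIR=${DB_DIR:-$HOME/ldapclient-certdb}         # hypothetical client cert db directory
NICK=${NICK:-dps-cert}                            # hypothetical nickname in the client db
# "CT,," = trusted CA for SSL; for a server's own self-signed cert the NSS
# trusted-peer flag is "P,,".
TRUST=${TRUST:-CT,,}

# Return 0 only if the file holds exactly one PEM certificate block.
# An empty or binary (DER) export is rejected here instead of at import time.
is_pem_cert() {
    [ -s "$1" ] || return 1
    begins=$(grep -c '^-----BEGIN CERTIFICATE-----' "$1" || true)
    ends=$(grep -c '^-----END CERTIFICATE-----' "$1" || true)
    [ "$begins" -eq 1 ] && [ "$ends" -eq 1 ]
}

# Create the client cert db if it does not exist, then import the DPS cert as trusted.
import_dps_cert() {
    command -v certutil >/dev/null 2>&1 || { echo "certutil not found" >&2; return 2; }
    is_pem_cert "$CERT_FILE" || { echo "$CERT_FILE: not a single PEM cert" >&2; return 1; }
    mkdir -p "$DB_DIR" || return 1
    # -N prompts for a db password; it is skipped when -L can already read the db.
    certutil -L -d "$DB_DIR" >/dev/null 2>&1 || certutil -N -d "$DB_DIR" || return 1
    # -a reads ASCII (PEM) input, -t sets the trust flags that make the cert trusted.
    certutil -A -n "$NICK" -t "$TRUST" -a -i "$CERT_FILE" -d "$DB_DIR" || return 1
    certutil -L -d "$DB_DIR"    # confirm the nickname and its trust flags
}

# Query DPS over SSL: -Z enables SSL, -P selects the cert db.
# Assumption: this ldapsearch build accepts the db directory for -P
# (some builds expect the path of the cert db file itself).
search_over_ssl() {             # usage: search_over_ssl host port basedn
    ldapsearch -h "$1" -p "$2" -Z -P "$DB_DIR" -b "$3" -s base "(objectclass=*)"
}
```

If the import succeeds but ldapsearch still rejects the server, check the trust flags printed by the final `certutil -L` and that -P points at the same db.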