I apologise for the bad wording of the question.
We have an 11g Directory Server and when we created the directory instance it generated a self-signed certificate. Very nice.
We have recently requested and installed a CA-signed certificate, so we now have TWO certificates in the directory certificate store: the Default Certificate and the new Server-Cert (the CA-signed one).
LDAP clients STILL seem to be presented with the self-signed certificate though.
Simple question... how do I make my Server-Cert the 'default' certificate presented to LDAP clients?
I would rather not delete the self-signed cert if possible.
I can't find any documented method to achieve this.
# Listing Certificate
$ /certutil -L -d <path>/slapd-abc/alias -P slapd-
# Add Trust by adding CT
$ certutil -M -n "GeoTrust DV SSL CA" -t CT,, -d <path>/slapd-abc/alias -P slapd-
# Verify the setup.
$ certutil -L -d <path>/slapd-abc/alias -P slapd-
( You should see the CT beside the relevant certificate, making it default for SSL communication )
GeoTrust DV SSL CA CT,,
Link : http://docs.oracle.com/cd/E19656-01/821-1504/6nmg10b6g/index.html ( Look around for different steps for configuring SSL )
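A check on the `certutil -L` listing from the "Verify the setup" step, as an added example that is not part of the original posts: it parses the listing and reports whether the nickname meant for LDAPS (Server-Cert, from the question) has a private key, whether other key-bearing certificates remain in the store, and whether a CA entry carries the C flag. The listing is a constructed sample and the function names are hypothetical.

```python
# Added example: audit `certutil -L` output for the nickname the server should present.
# SAMPLE_LISTING is constructed for illustration, not captured from a real instance.
SAMPLE_LISTING = """\
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

defaultCert                                                  CTu,u,u
Server-Cert                                                  u,u,u
GeoTrust DV SSL CA                                           CT,,
"""


def parse_listing(text):
    """Return {nickname: (ssl, smime, objsign)} from `certutil -L` output."""
    certs = {}
    for line in text.splitlines():
        # Nicknames may contain spaces, so split off only the last column.
        parts = line.rsplit(None, 1)
        if len(parts) != 2 or parts[1].count(",") != 2:
            continue  # header, blank line, or anything that is not an entry
        certs[parts[0].strip()] = tuple(parts[1].split(","))
    return certs


def check_server_cert(certs, nickname):
    """Return findings about the certificate expected to be used for SSL."""
    if nickname not in certs:
        return [f"{nickname}: not in the certificate database"]
    findings = []
    # 'u' is shown by NSS when the matching private key is in the key database.
    if "u" not in certs[nickname][0]:
        findings.append(f"{nickname}: no 'u' flag, private key not found")
    for other, trust in certs.items():
        if other != nickname and "u" in trust[0]:
            findings.append(
                f"{other}: also has a private key; confirm which "
                "nickname the instance is configured to present"
            )
    # 'C' in the SSL column marks a CA trusted to issue server certificates.
    if not any("C" in t[0] for t in certs.values() if "u" not in t[0]):
        findings.append("no CA entry carries the C flag in the SSL column")
    return findings


if __name__ == "__main__":
    for finding in check_server_cert(parse_listing(SAMPLE_LISTING), "Server-Cert"):
        print(finding)
```

Feed it the real listing by passing the text printed by the `certutil -L` command above to `parse_listing`.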
Use the following command: dsconf set-server-prop ssl-rsa-cert-name Server-Cert
Alternatively, shut down the directory server and edit dse.ldif and replace