Importing Certificates

If you are using LDAP over Secure Sockets Layer (SSL) or LDAP with Transport Layer Security (TLS), you must follow these steps before setting up authentication.

When a secured protocol (SSL or TLS) is used to exchange information with an external LDAP directory, Yellowbrick must establish trust using the public certificate for the external directory. To establish trust, import either one or more certificates for the external directory, or the signing root and intermediate certificates for the external directory. A full certificate chain must be installed; intermediate certificates by themselves are not sufficient to establish trust.

Certificate files must be PEM-encoded.

  1. Export the SSL certificate from the LDAP Server.
  2. Log in to the SMC and go to Configure > LDAP > Certificates.
  3. Import the certificate into the SMC in one of the following ways:
    • Drag and drop the file directly to the LDAP certificates screen, then click OK.

    • Click Import Certificate, then copy and paste the contents of the certificate. The certificate content must begin with -----BEGIN CERTIFICATE----- and end with -----END CERTIFICATE-----.

    You can also change and delete certificates.

    Note: You may be able to bypass this import certificate step and import a trusted certificate when you test LDAP logins. If you have imported a root or intermediate certificate for the authority that issued the LDAP server certificate, but the server certificate itself has not been imported, click Set Trusted Certificates on the Test LDAP Login screen.

    See also Setting Up Authentication.
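
A pre-import check for the exported file, as an added example that is not part of the Yellowbrick documentation or product: it confirms the content is PEM with the BEGIN/END markers and that the bundle carries a full chain up to a self-signed root rather than intermediates alone. It assumes issuer and subject names can be matched byte for byte; it does not verify signatures or validity dates, and the script name in the usage note is hypothetical.

```python
import base64, re, sys

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def _tlv(buf, pos):
    """Read one DER tag-length-value; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def issuer_subject(der):
    """Return the raw issuer and subject Name bytes of one X.509 certificate."""
    _, pos, _ = _tlv(der, 0)            # Certificate
    _, pos, _ = _tlv(der, pos)          # tbsCertificate
    tag, _, end = _tlv(der, pos)        # [0] version, or serialNumber
    if tag == 0xA0:
        _, _, end = _tlv(der, end)      # serialNumber
    _, _, end = _tlv(der, end)          # signature algorithm
    _, i_start, i_end = _tlv(der, end)  # issuer
    _, _, end = _tlv(der, i_end)        # validity
    _, s_start, s_end = _tlv(der, end)  # subject
    return der[i_start:i_end], der[s_start:s_end]

def check_bundle(text):
    """Return a list of problems; an empty list means the chain looks complete."""
    text = text.strip()
    blocks = PEM_BLOCK.findall(text)
    if not blocks:
        return ["no PEM certificate blocks found (DER or other encoding?)"]
    problems = []
    if not (text.startswith("-----BEGIN CERTIFICATE-----")
            and text.endswith("-----END CERTIFICATE-----")):
        problems.append("extra text before the first or after the last block")
    try:
        pairs = [issuer_subject(base64.b64decode("".join(b.split()))) for b in blocks]
    except (ValueError, IndexError):
        return problems + ["a block is not valid base64-encoded DER"]
    subjects = {subject for _, subject in pairs}
    if not any(issuer == subject for issuer, subject in pairs):
        problems.append("no self-signed root certificate in the bundle")
    for n, (issuer, _) in enumerate(pairs, 1):
        if issuer not in subjects:
            problems.append(f"certificate {n}: issuer certificate is missing")
    return problems

if __name__ == "__main__":
    for problem in check_bundle(open(sys.argv[1]).read()) or ["chain looks complete"]:
        print(problem)
```

Run it as `python check_bundle.py <exported-file>` before pasting the content into the Import Certificate dialog.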