Setting up your LDAP client to access Directory Server

The process can also be used to import CA certificates from other sources, such as VeriSign, into the client's key database file for use as trusted roots. A trusted root is simply an X.509 certificate signed by a trusted entity (for example VeriSign, or the creator of a self-signed server certificate), imported into the client's key database file, and marked as trusted.

1. Copy the server's certificate file (cert.arm) to your client workstation.
2. Run ikeyman to create a new client key database file or to access an existing one. For a new client key database, choose a file name associated with the client for ease of management. For example, if the LDAP client runs on Fred's machine, you might choose to name the file FRED.KDB.
3. If adding a server's certificate to the existing client key database:
   1. Click Key database file and select Open.
   2. Enter the path and name of the existing key database file then click OK.
   3. Enter the password.
   4. Ensure signer certificates is chosen. Click Add.
   5. Enter the name and location of the server's certificate file.
   6. Enter a label for the server certificate entry in the client's key database file, for example, Corporate Directory Server, and then click OK.
4. If creating the new Client key database:
   1. Click Key database file and select New.
   2. Enter the name and location for the new Client Key DataBase file, and then click OK.
   3. Enter the password.
   4. After the new client key database is created, repeat the previous steps for adding the server's certificate to the existing key database file.
5. Exit ikeyman.

See The iKeyman tool for additional information.