Interoperability with Microsoft Active Directory
If IBM® Security Directory Suite Directory Server is configured over SSL with serverClientAuth authentication, complete the following steps to make it work with the Microsoft Active Directory client LDP.exe.
- Select Internet Information Services (IIS) Manager from Administrative Tools in Control Panel.
- On the left navigation panel, select the Web Site node.
- Under the Web Site node, right-click Default Web Site, and then select Properties.
- On the Default Web Site Properties dialog box, select the Directory Security tab.
- To request a new certificate, click Server Certificate under the Secure communications area. The Web Server Certificate Wizard is opened.
  - On the Server Certificate page in the IIS Certificate Wizard dialog box, select the Create a new certificate option and click Next.
  - On the Delayed or Immediate Request page, enter the required options and click Next.
  - On the Name and Security Settings page, in the Name field enter the host name of the system and click Next.
  - On the Organization Information page, specify appropriate names and click Next.
  - On the Your Site’s Common Name page, in the Common name field, enter the host name of the system and click Next.
  - On the Geographical Information page, specify appropriate values and click Next.
  - On the Certificate Request File Name page, in the File name field specify the path name and file name for the certificate request and click Next.
  - The summary of the values is displayed. Click Next.
  - Click Finish.
- Send the certificate request that you created by using these steps to any certificate authority (CA) so that the CA can issue a certificate.
- After you receive the server certificate, add the certificate by using IIS Certificate Wizard.
  - On the Pending Certificate Request page, select the Process the pending request and install the certificate option and click Next.
  - On the Process a Pending Request page, in the Path and file name field specify the path name and file name of the certificate. You can also use Browse to select the certificate. Click Next.
- Export the personal certificate to pfx or p12 format by using IIS Certificate Wizard.
  - On the Modify the Current Certificate Assignment page, select the Export the current certificate to a .pfx file option and click Next.
  - On the Export Certificate page, in the Path and file name field enter the path name and file name where the pfx certificate is to be stored. Click Next.
  - On the Certificate Password page, in the Password and Confirm password fields enter the password and click Next.
  - On the Export Certificate Summary page, the summary of the provided values is displayed. Click Next.
  - Click Finish.
- To import the certificate, double-click the stored pfx certificate. The Certificate Import Wizard is opened.
  - On the File to Import page, in the File name field enter the path and file name of the pfx certificate and click Next.
  - On the Password page, enter the password and click Next.
  - On the Certificate Store page, select the Place all certificates in the following store option and click Browse. In the Select Certificate Store dialog box, select Personal from the Select the certificate store you want to use list. Click Next.
  - Click Finish.
- To export the personal certificate in BER format, complete the following steps.
  - Open Internet Explorer, select .
  - Select the Content tab in the Internet Options dialog box, and select Certificates under the Certificates area.
  - On the Personal tab in the Certificates dialog box, select the certificate and click Export. The Certificate Export Wizard is opened.
  - On the Export File Format page, select the Base-64 encoded X.509 (.CER) option and click Next.
  - On the File to Export page, in the File name field enter the file name that you want to export and click Next.
  - Click Finish.
- On a system on which a Directory Server instance is running, open the Directory Server key database file by using the GSKit key management application, ikeyman.
- Add the exported certificate as a signer in the server key database.
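The procedure produces two files: a pfx file that holds the private key, and a .CER file that holds only the certificate. Only the .CER file belongs in the server key database as a signer. The following check is an added example, not part of the IBM procedure or product: it confirms that a file is a certificate-only export (Base-64 or binary DER), rejects private-key material, and returns thumbprints to compare with the Windows side before the import. The function name and the sample bytes are assumptions made for illustration.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

# Constructed stubs, NOT real certificates: just enough ASN.1 to show the shapes.
STUB_DER = bytes.fromhex("300A3005A003020102020101")  # SEQUENCE { SEQUENCE {...} ... }
STUB_PFX = bytes.fromhex("3003020103")                # SEQUENCE { INTEGER 3 ... }
SAMPLE_CER = (b"-----BEGIN CERTIFICATE-----\r\n" + base64.b64encode(STUB_DER)
              + b"\r\n-----END CERTIFICATE-----\r\n")

def _first_inner_tag(der: bytes) -> int:
    """Return the tag of the first element inside the outer DER SEQUENCE."""
    if len(der) < 3 or der[0] != 0x30:
        raise ValueError("not an ASN.1 SEQUENCE")
    # Short form: one length byte. Long form: 0x80 | count of length bytes.
    header = 2 if der[1] < 0x80 else 2 + (der[1] & 0x7F)
    if len(der) <= header:
        raise ValueError("truncated ASN.1 data")
    return der[header]

def inspect_export(data: bytes) -> dict:
    """Classify an exported file and return thumbprints of its certificate."""
    blocks = PEM_RE.findall(data)
    if any(b"PRIVATE KEY" in label for label, _ in blocks):
        raise ValueError("file contains a private key; keep it off the server")
    if blocks:
        certs = [body for label, body in blocks if label == b"CERTIFICATE"]
        if len(certs) != 1:
            raise ValueError("expected exactly one CERTIFICATE block")
        encoding, der = "base64", base64.b64decode(b"".join(certs[0].split()))
    else:
        encoding, der = "der", data
    tag = _first_inner_tag(der)
    if tag == 0x02:  # version INTEGER comes first in PKCS#12 (.pfx/.p12)
        raise ValueError("looks like a PKCS#12 (.pfx) container, not a certificate")
    if tag != 0x30:  # a certificate starts with the tbsCertificate SEQUENCE
        raise ValueError("not an X.509 certificate")
    # The thumbprint is a hash of the DER bytes, so both encodings agree.
    return {"encoding": encoding,
            "sha1": hashlib.sha1(der).hexdigest().upper(),
            "sha256": hashlib.sha256(der).hexdigest().upper()}

if __name__ == "__main__":
    print(inspect_export(SAMPLE_CER))
```

Run it against the real exported file with `inspect_export(open(path, "rb").read())`, where `path` is the file saved by the Certificate Export Wizard.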