Exporting the certificate from the Active Directory Server

You must export the CA certificate from the Active Directory server to enable Secure Sockets Layer (SSL) security.

About this task

Different Corporate organizations have different methods and processes to create a CA root certificate. The below procedure provides information on creating a personal CA for Active Directory 2003.
Note: Rational Directory Server (Tivoli) uses GSKIT8 for secured communication and GSKIT8 supports DER and pkcs12 certificates only. CA certificates of other formats need to be converted to supported formats before importing them to IBM Rational DOORS client keystores.


  1. Log on as a domain administrator on the Active Directory domain server.
  2. Install the certificate authority (CA) on the Microsoft Windows Server, which installs the server certificate on the Active Directory server. To do so, complete the below steps:
    1. Click Start > Control Panel > Administrative Tools > Certificate Authority to open the CA Microsoft Management Console (MMC) GUI.
    2. Highlight the CA computer, and right-click to select CA Properties.
    3. From General menu, click View Certificate.
    4. Select the Details view, and click Copy to File on the lower-right corner of the window.
    5. Use the Certificate Export wizard to save the CA certificate in a file.
    Note: You can save the CA certificate in either DER Encoded Binary X-509 format or Based-64 Encoded X-509 format.