You must export the CA certificate from the Active Directory server to enable Secure
Sockets Layer (SSL) security.
About this task
Different Corporate organizations have different methods and processes to create a CA root
certificate. The below procedure provides information on creating a personal CA for Active Directory
2003. Note: Rational Directory Server (Tivoli) uses GSKIT8 for secured communication and GSKIT8
supports DER and pkcs12 certificates only. CA certificates of other formats need to be converted to
supported formats before importing them to IBM Rational DOORS client keystores.
Procedure
- Log on as a domain administrator on the Active Directory domain server.
- Install the certificate authority (CA) on the Microsoft
Windows Server, which installs the server certificate on
the Active Directory server. To do so, complete the below steps:
- Click to open the CA Microsoft Management Console (MMC) GUI.
- Highlight the CA computer, and right-click to select CA
Properties.
- From General menu, click View
Certificate.
- Select the Details view, and click
Copy to File on the lower-right corner of the window.
- Use the Certificate Export wizard to save the CA
certificate in a file.
Note: You can save the CA certificate in either DER Encoded Binary X-509 format or Based-64 Encoded
X-509 format.