LDAP-UX Client Services B.04.00 Administrator's Guide
Installing And Configuring LDAP-UX Client Services
Configure the LDAP-UX Client Serivces with SSL Support
Chapter 2 45
NOTE The -t "C,," represents the minimum trust attributes that may be
assigned to the CA certificate for LDAP-UX to successfully use SSL
to connect to the LDAP directory server. If you have other
applications that use the CA certificate for other functions, then you
may wish to assign additional trust flags. See
http://www.mozilla.org/projects/security/pki/nss/tools/certutil.ht
ml for additional information.
• To use the certutil command to add the LDAP server’s certificate
to the security database:
For example, the following command adds the LDAP server’s
certificate, my-server-cert, to the security database directory,
/etc/opt/ldapux, with the Base64-Encoded certificate request file,
/tmp/mynew.cert:
/opt/ldapux/contrib/bin/certutil -A -n my-server-cert -t \
"P,," -d /etc/opt/ldapux -a -i /tmp/mynew.cert
NOTE The -t "p,," represents the minimum trust attributes that may be
assigned to the LDAP server’s certificat for LDAP-UX to successfully
use SSL to connect to the LDAP directory server. See
http://www.mozilla.org/projects/security/pki/nss/tools/certutil.ht
ml for additional information.