LDAP-UX Client Services B.04.00 with Microsoft Windows 2000/2003 Active Directory Administrator's Guide
Installing LDAP-UX Client Services
Configuring the LDAP-UX Client Services with SSL Support
Chapter 254
Step 5. Check the “Trust this CA to identify web sites”, “Trust this CA to identify
email users”, and “Trust this CA to identify software developers”
checkboxes in the Downloading Certificate window screen. Then click OK
button.
Step 6. The Netscape Directory CA certificate will be downloaded to the
following two files on your LDAP-UX Client:
/.mozilla/default/*.slt/cert8.db
/.morilla/default/*.slt/key3.db
Step 7. You can simply copy the /.mozilla/default/*slt/cert8.db file to
/etc/opt/ldapux/cert8.db and /.mozilla/default/*slt/key3.db file to
/etc/opt/ldapux/key3.db.
Step 8. Set the file access permissions for /etc/opt/ldapux/cert8.db and
/etc/opt/ldapux/key3.db to be read only by root as follows:
-r-------- 1 root sys 65536 Jun 14 16:27 \
/etc/opt/ldapux/cert8.db
-r-------- 1 root sys 32768 Jun 14 16:27 \
/etc/opt/ldapux/key3.db
NOTE For the multiple domain environment, you just need to download the
certificate database files, cert7.db or cert8.db and key3.db, from one
domain, no additional action is required.
NOTE You may use the unsupported /opt/ldapux/contrib/bin/certutil
command line tool to create the certificate database files, cert8.db and
key3.db. For detailed command options and their arguments, refer to
Using the Certificate Database Tool available at
http://www.mozilla.org/projects/security/pki/nss/tools/certutil.html.
If your browser does not generate cert8.db and key3.db security
database files, you must export the certificate (preferably the root
certificate of the Certificate Authority that signed the LDAP server’s