LDAP-UX Client Services B.04.00 with Microsoft Windows 2000/2003 Active Directory Administrator's Guide
Installing LDAP-UX Client Services
Configuring the LDAP-UX Client Services with SSL Support
Chapter 256
NOTE The -t "C,," represents the minimum trust attributes that may be
assigned to the CA certificate for LDAP-UX to successfully use SSL
to connect to the LDAP directory server. If you have other
applications that use the CA certificate for other functions, then you
may wish to assign additional trust flags. See
http://www.mozilla.org/projects/security/pki/nss/tools/certutil.ht
ml for additional information.
• Use the certutil command to add the LDAP server’s certificate to
the security database:
For example, the following command adds the LDAP server’s
certificate, my-server-cert, to the security database directory,
/etc/opt/ldapux, with the Base64-Encoded certificate request file,
/tmp/mynew.cert:
/opt/ldapux/contrib/bin/certutil -A -n my-server-cert -t \
"P,," -d /etc/opt/ldapux -a -i /tmp/mynew.cert
NOTE The -t "p,," represents the minimum trust attributes that may be
assigned to the LDAP server’s certificat for LDAP-UX to successfully
use SSL to connect to the LDAP directory server. See
http://www.mozilla.org/projects/security/pki/nss/tools/certutil.ht
ml for additional information.