Securing communications with an LDAP server
You can configure Transport Layer Security (TLS) to encrypt communications between the SafeLinx Server and an LDAP server.
About this task
In some cases, you can use a web browser, such as Mozilla Firefox, to retrieve the signer certificate for the LDAP server. This method is documented in the procedure that follows. If the browser method is unsuccessful, ask the LDAP administrator to extract the certificate and return it to you in a certificate file in .der format.
Procedure
-
To use Mozilla Firefox to retrieve a signer certificate for the LDAP server, specify type the
address of the LDAP server in the location bar, with an https prefix.
For example, type:
https://ldap.renovations.com
The following message displays:This Connection is Untrusted.
-
Click I Understand the Risks, and then click Add
Exception...
The certificate is saved automatically to the browser's Certificate Manager.
- Open the Firefox menu, click Options or Preferences, and then click Advanced.
- Click View Certificates, and then click the Servers tab.
- Click the certificate and then click Export...
-
In the Save Certificate to File window, browse to the directory where you
want to save the file, click X.509 Certificate (DER) (*.der) in the
Save as type field, and then click Save.
If the file name is not equal to the fully qualified host name of the server, rename the file.For example, save the file as ldap.renovations.com.der.
- Transfer a copy of the file to the SafeLinx Server.