Ensure that the IBM® i
LDAP client trusts the SSL certificate used by the LDAP server with
which it communicates.
About this task
IBM Sametime® for IBM i uses the LDAP client included with the IBM Directory Server that is installed
as part of the IBM i operating
system. Enable the LDAP client to trust the LDAP server by importing
the server's SSL certificate into the store on the client (the IBM i server) and then adding the
Certificate Authority to the trust list.
Procedure
- Use the DCM (Digital Certificate Manager) program to determine
whether the CA Certificate that signed the LDAP directory server's
certificate is already included in the DCM *SYSTEM certificate store.
Well-known public Internet Certificate
Authorities (CA) that most web browsers can recognize readily, such
as VeriSign, are already included in the DCM. If the appropriate CA
is included in the certificate store, you have finished this task;
skip the remaining steps.
If the CA used by your LDAP server's
certificate does not appear in the DCM *SYSTEM certificate store,
import it now by completing the remaining steps in this procedure.
- Import the LDAP directory server's certificate into the
DCM *SYSTEM certificate store.
- Use DCM to add the CA Certificate to the trust list of
the IBM Directory Server LDAP
client application.
The application ID is QIBM_GLD_DIRSRV_CLIENT
.