Importing self-signed certificates

If your LDAP directory server uses self-signed certificates or certificates that are not from one of the commercial certificate authorities installed in the key database file, then you must import the certificates into the key database file. Get copies of these certificates from your LDAP server administrator.

Procedure

  1. If the Global Security Kit (GSKit) iKeyman utility is not open, navigate to the \IBM\HTTPServer\bin directory and double-click ikeyman.bat.
  2. Click Key Database File > Open.
    1. Enter the name of the key database file. Click OK.
    2. Enter the password for the key database file. Click OK.
  3. In the Key database content area, select Signer Certificates from the list.
  4. Click Add. The Add CA's Certificate from a File window opens.
  5. In the Certificate file name field, enter the name and location of the certificate that you received from your LDAP server administrator. Click OK.
  6. Enter a label name. Choose a name that identifies the certificate authority. For example, you might use MYLDAP to identify the LDAP server as the self-signed certificate authority.
  7. Click OK. The new certificate appears in the list of signer certificates.
Parent topic: Enabling SSL Encryption with GSKit
Related tasks:
Setting the JAVA_HOME environment variable
Creating a key database
Using certificates from a commercial certificate authority
Related information:
Distributing the key database file
Setting the LDAP connection information for SSL