I am trying to connect to LDAP (AD LDS) over SSL as a user directory. I am able to bind successfully if I connect over 389, but I get an error connecting over 636.
My ldap search command is:
./ldapsearch -D "BINDDN" -w password -h ldaphost -p 636 -b "basedn" -s base "objectClass=*" -P /opt/ca/siteminder/bin/sslcerts/cert8.db
ldap_simple_bind: Can't contact LDAP server
SSL error -8179 (Peer's Certificate issuer is not recognized.)
My policy server already has a cert DB which is loaded with a certificate to connect to another Active Directory. This has been working fine for years.
AD LDS is a new user store; we want to connect to it over SSL.
I used the following certutil command to add AD LDS certificate to existing cert8.db.
./bin/certutil -A -n nameofthecert -d /opt/netegrity/siteminder/sslcerts -i /opt/netegrity/siteminder/sslcerts/adldscertificate.cer -t "C,C,C"
When I do a list:
certutil -L -d /opt/ca/siteminder/bin/sslcerts/
I get the following:
Certificate Nickname                     Trust Attributes
                                         SSL,S/MIME,JAR/XPI

ad-gc-issuingca-cert                     C,C,C
Adlds-issuingca-cert                     C,,
ADLDS issuing cert is the certificate that we are trying to use.
When I open the certificate on Windows, on the Certification Path tab, it shows "The issuer of this certificate could not be found". It seems that there are some missing pieces to my certificate itself, but I can't seem to figure out what it is. I'd appreciate it if anyone can throw some light on this. Thanks.
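An added diagnostic script, not from the original post: it lists the chain the LDAPS server actually sends, finds the issuer that no certificate in that chain covers (the subject the "-8179" error is complaining about), and checks whether that CA is already in the NSS database. It assumes openssl and certutil are on PATH; the host name and database path are placeholders.

```shell
#!/bin/sh
# chain_gaps: read "subject<TAB>issuer" lines on stdin and print each issuer
# DN that never appears as a subject in the input. A self-signed root has
# subject == issuer, so a complete chain prints nothing.
chain_gaps() {
  awk -F'\t' '
    { subj[$1] = 1; iss[NR] = $2 }
    END { for (i = 1; i <= NR; i++) if (!(iss[i] in subj)) print iss[i] }'
}

# server_chain HOST PORT: one "subject<TAB>issuer" line per certificate the
# server presents in the TLS handshake (RFC 2253 DN form on both sides so
# that plain string comparison works).
server_chain() {
  dir=$(mktemp -d) || return 1
  openssl s_client -connect "$1:$2" -showcerts </dev/null 2>/dev/null |
    awk -v d="$dir" '/-----BEGIN CERTIFICATE-----/ { n++ }
                     n { print > (d "/" n ".pem") }'
  for f in "$dir"/*.pem; do
    [ -f "$f" ] || continue
    openssl x509 -in "$f" -noout -subject -issuer -nameopt RFC2253 |
      sed 's/^subject=//; s/^issuer=//' | paste -s -d '\t' -
  done
  rm -rf "$dir"
}

# nss_subjects DBDIR: subject DN of every certificate in the NSS database
# (skips the three header lines of "certutil -L"; nicknames may contain
# spaces, so only the trailing trust-flag field is stripped).
nss_subjects() {
  certutil -L -d "$1" | awk 'NR > 3 && NF { $NF = ""; sub(/ +$/, ""); print }' |
  while IFS= read -r nick; do
    certutil -L -d "$1" -n "$nick" -a |
      openssl x509 -noout -subject -nameopt RFC2253 | sed 's/^subject=//'
  done
}

# diagnose HOST PORT DBDIR: name the issuer the server's chain stops at and
# say whether the database can supply it or it still has to be imported.
diagnose() {
  server_chain "$1" "$2" | chain_gaps | while IFS= read -r issuer; do
    if nss_subjects "$3" | grep -qxF -- "$issuer"; then
      echo "chain stops at '$issuer': present in $3, check its trust flags"
    else
      echo "chain stops at '$issuer': NOT in $3, import that CA certificate"
    fi
  done
}

# Usage (placeholder host and path): diagnose ldaphost 636 /opt/ca/siteminder/bin/sslcerts
```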