While monitoring a customer performing the usual steps to enable SSL to CA Directory DSA for the IMCD (corporate user store/directory) and IMPS (provisioning server user store), we were puzzled by the completion of the steps and the error messages.
I took this task offline, to review why we were seeing failure of base communications.
The root challenge was a change in CA Directory default SSLD functionality from using SSL protocol to TLS protocol as of CA Directory r12sp14+.
Siteminder appears to be using SSLv3 for non-FIPS communications; and TLS1.x+ for FIPS communications.
I was able to determine the root issue with the SM Profiler (smtracedefault.log) with the LDAP component added; and monitoring the CA Directory IMCD warn logs (no need to use trace).
An additional hint from this link, "CA Directory can only talk TLS or SSLv3, not both. Can it do both?", was very helpful.
I put together the following deck to help others quickly accomplish this task for IMCD/IMPS integration with SSL with SiteMinder tightly integrated with IM (ra.xml + enabled in ra.xml + im library deployed on SMPS).
This is an awesome post and invaluable resource for the community! Thank you for taking the time to put together such a useful pdf. It is greatly appreciated. I also really enjoyed the work you did previously on the entropy discussion.