Federation Manager Guide › User Directory Connections for Authentication › How to Connect to an LDAP User Directory Over SSL › Prerequisites for an SSL-enabled LDAP Connection

Prerequisites for an SSL-enabled LDAP Connection

Review the following before configuring an LDAP user directory connection over SSL:

• Be sure your directory server is SSL-enabled.

  Note: For information about configuring your directory server to communicate over SSL, refer to the vendor-specific documentation.

• Check that you have a database of trusted CA certificate files in cert7.db format.

  Federation Manager uses a Netscape LDAP SDK to create a cert7-compatible database. The database contains a set of trusted CA certificates that Federation Manager uses for SSL communication to an LDAP directory. The database files must be in a Netscape file format cert7.db.

  Important! Do not use Microsoft Internet Explorer to install certificates into your cert7.db database file.

• Obtain a certificate utility to manage the SSL certificates.

  To manage the SSL certificates, you need to use a third-party certificate utility that is compatible with Netscape. We recommend the Mozilla® Network Security Services (NSS) utility, version 3.2.2.

  Note: Version 3.2.2 is required to support the cert7.db format. Do not use later versions.

For user directory connections configured with the LDAP namespace, complete the procedures in the following sections to configure the connection over SSL.