Previous Topic: Configure Federation Manager to Use the Certificate Database

Next Topic: SSL-enable the LDAP User Directory Connection

Federation Manager GuideUser Directory Connections for AuthenticationHow to Connect to an LDAP User Directory Over SSLVerify that the Certificates are in the Database

Verify that the Certificates are in the Database

Verify that the certificate database contains all intermediate and root CA certificates that signed the SSL certificate used by the LDAP directory server.

Note: The following procedure details the specific options and arguments to complete the task. For a complete list of the NSS utility options and arguments, refer to the Mozilla documentation on the NSS project page.

To list the certificates in the certificate database

  1. From a command prompt, navigate to the bin directory where you extracted the NSS utility.

    Example: C:\nss\bin

    Note: Windows has a native certutil utility. Verify that you are working from the bin directory of the NSS utility, or you can inadvertently run the Windows certutil utility.

  2. Run the following command: 
    certutil -L -d certificate_database_directory
    -L

    Lists all of the certificates in the certificate database.

    -d certificate_database_directory

    Specifies the path to the directory that contains the certificate database.

    Note: If the file path contains spaces, bracket the path in quotes.

    NSS displays the root CA alias and the trust attributes you specified when adding the certificate to the certificate database.

Example: List the Certificates in the Certificate Database

certutil -L -d C:\certdatabase