Federation Manager Guide › User Directory Connections for Authentication › How to Connect to an LDAP User Directory Over SSL › Verify that the Certificates are in the Database

Verify that the Certificates are in the Database

Verify that the certificate database contains all intermediate and root CA certificate that signed the SSL certificate to be used by the LDAP directory server.

Note: The following procedure details the specific options and arguments to complete the task. For a complete list of the NSS utility options and arguments, refer to the Mozilla documentation on the NSS project page.

To list the certificates in the certificate database

1. From a command prompt, navigate to the bin directory where you extracted the NSS utility.

   Example: C:\nss\bin

   Note: Windows has a native certutil utility. Ensure you are working from the bin directory of the NSS utility or you may inadvertently run the Windows certutil utility.

2. Run the following command:

   certutil -L -d certificate_database_directory
   

   • -L

     Lists all of the certificates in the certificate database.

   • -d certificate_database_directory

     Specifies the path to the directory that contains the certificate database.

     Note: If the file path contains spaces, bracket the path in quotes.

   NSS displays the root CA alias and the trust attributes you specified when adding the certificate to the certificate database.

Example: List the Certificates in the Certificate Database

certutil -L -d C:\certdatabase