Previous Topic: Before You Configure an LDAP Connection over SSLNext Topic: SSL-enable the LDAP User Directory Connection

CA SiteMinder® Federation Standalone GuideUser Directory Connections for AuthenticationHow to Connect to an LDAP User Directory Over SSLVerify that the Certificates are in the Database

Verify that the Certificates are in the Database

List the certificates to verify that they were added to the certificate database. Use the Mozilla Network Security Services (NSS) certutil application that is installed with the Policy Server to create the certificate database files.

Note: The following procedure details the specific options and arguments to complete the task. For a complete list of the NSS utility options and arguments, refer to the Mozilla documentation on the NSS project page.

Important! Before running a CA SiteMinder® utility or executable on Windows Server 2008, open the command line window with administrator permissions. Open the command line window this way, even if your account has administrator privileges.

Follow these steps:

  1. From a command prompt, navigate to the Policy Server installation bin directory.

    Example: C:\Program Files\CA\SiteMinder\bin

    Note: Windows has a native certutil utility. Verify that you are working from the bin directory of the NSS utility, or you can inadvertently run the Windows certutil utility.

  2. Run the following command: 
    certutil -L -d certificate_database_directory
    -L

    Lists all of the certificates in the certificate database.

    -d certificate_database_directory

    Specifies the path to the directory that contains the certificate database.

    Note: If the file path contains spaces, bracket the path in quotes.

    displays the root CA alias, the server certificate alias, and the trust attributes you specified when adding the certificates to the certificate database.

Example: List the Certificates in the Certificate Database

certutil -L -d C:\certdatabase