Netscape DIRECTORY SERVER 6.1 - ADMINISTRATOR Administrator's Manual page 394

Configuring LDAP Clients to Use SSL
On the client system, obtain a client certificate from the CA.
4.
On your client system, install your client certificate.
5.
Regardless of how you receive your certificate (either in email or on a web
page), there should be a link that you click to install the certificate. Click it and
step through the dialog boxes that Communicator presents to you.
Make sure you record the certificate information that is sent to you in a file. In
particular, you must know the subject DN of the certificate because you must
configure the server to map it to an entry in the directory. Your client certificate
will be similar to:
-----BEGIN CERTIFICATE-----
MIICMjCCAZugAwIBAgICCEEwDQYJKoZIhvcNAQEFBQAwfDELMAkGA1UEBhMCVVMx
IzAhBgNVBAoTGlBhbG9va2FWaWxsZSBXaWRnZXRzLCBJbmMuMR0wGwYDVQQLExRX
aWRnZXQgTWFrZXJzICdSJyBVczEpMCcGA1UEAxMgVGVzdCBUZXN0IFRlc3QgVGVz
dCBUZXN0IFRlc3QgQ0EwHhcNOTgwMzEyMDIzMzU3WhcNOTgwMzI2MDIzMzU3WjBP
MQswCQYDVQQGEwJVUzEoMCYGA1UEChMfTmV0c2NhcGUgRGlyZWN0b3
-----END CERTIFICATE-----
You must convert the client certificate into its binary format using the
6.
certutil
a.
b.
On the server, map the subject DN of the certificate that you obtained to the
7.
appropriate directory entry by editing the
This procedure is described in Managing Servers with Netscape Console.
394 Netscape Directory Server Administrator's Guide • August 2002
utility. To do this:
Download the
certutil
http://www.mozilla.org/projects/security/pki/nss/tools/
Run as follows:
certutil
certutil -L -d cert7dbPath -n userCertName -r > userCert.bin
where cert7dbPath is the location of your certificate database (the
file), userCertName is the name you gave to your certificate when you
installed it, and userCert.bin is the name you must specify for the output file
that will contain the binary certificate.
utility from
certmap.conf
.
cert7.db
file.