Configuring LDAP Clients to Use SSL
These operations are sufficient if you want to ensure that LDAP clients recognize
the server's certificate. However, if you also want LDAP clients to use their own
certificate to authenticate to the directory, make sure that all your directory users
obtain and install a personal certificate.
NOTE
The following procedure describes how to use Netscape Communicator 4.7 to
perform these tasks.
1. To create a certificate, it is sufficient to start Netscape Communicator,
   versions 4.7 and later.
   If it does not already exist, the certificate database will be created.
2. Use Communicator to connect to your Certificate Authority.
   If you are using an internally deployed Netscape Certificate Management
   System, you will go to a URL of the form:
   https://hostname:port
   Some Certificate Authorities provide a link that allows you to download the
   CA's certificate.
3. Trust the Certificate Authority.
   This task differs depending on the CA. In some cases, such as if you are
   connecting to a Netscape Certificate Management System, Communicator
   will automatically prompt you to see if you want to trust the CA.
These steps are sufficient to ensure that your client applications will accept
connections to the Directory Server, because the clients recognize that the
Directory Server's certificate has been issued by a trusted CA.
However, if you also want the Directory Server to authenticate clients using the
clients' certificates, you must perform the following additional steps:
4. On the client system, obtain a client certificate from the CA.
Netscape Directory Server Administrator's Guide • December 2003
Some client applications do not verify that the server has a trusted
certificate.
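The note about client applications that do not verify the server's certificate, together with steps 3 and 4, can be checked in code. The following is an added Python example, not part of the Netscape guide; the function names, the default port and the PEM file arguments are assumptions, and the host name check goes one step beyond what the page describes.

```python
import socket
import ssl

LDAPS_PORT = 636  # assumed: conventional LDAP-over-SSL port, adjust for your server


def ldaps_client_context(ca_file=None, client_cert=None, client_key=None):
    """Build the TLS settings for an LDAP client (hypothetical helper).

    ca_file      PEM file with the CA certificate the client trusts (step 3);
                 None falls back to the platform trust store.
    client_cert  PEM file with the user's personal certificate (step 4), only
                 needed when the server authenticates clients by certificate.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # verifies the server by default
    if ca_file:
        ctx.load_verify_locations(cafile=ca_file)
    else:
        ctx.load_default_certs()
    if client_cert:
        ctx.load_cert_chain(certfile=client_cert, keyfile=client_key)
    return ctx


def audit_context(ctx):
    """Return the reasons this client would accept an untrusted server."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server certificate is not verified against a trusted CA")
    if not ctx.check_hostname:
        findings.append("server host name is not matched against the certificate")
    return findings


def open_ldaps(host, ctx, port=LDAPS_PORT, timeout=5.0):
    """Connect and return the TLS socket; the handshake fails on an untrusted server."""
    findings = audit_context(ctx)
    if findings:
        raise ValueError("refusing to connect: " + "; ".join(findings))
    raw = socket.create_connection((host, port), timeout=timeout)
    try:
        return ctx.wrap_socket(raw, server_hostname=host)
    except Exception:
        raw.close()
        raise
```

Running `audit_context` over the TLS settings of each client application before rollout shows which ones fall under the note above.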