Below is a copy of an email my SA sent to me on how he was able to get it to work:
ITSM requires an outdated version of a Netscape certificate database file in order to establish an LDAP over SSL link. We were able to generate an initial database using Netscape Communicator 4.8. It took some troubleshooting, but we eventually were able to import the AvonIssuingCA cert by browsing to our Microsoft CA with Netscape (direct import is intentionally made very difficult). You can see the AvonIssuingCA in the file attached below (CA_Certs.jpg).

I then used Netscape to communicate with each domain controller resolved from "xxxxxxx" and imported their server certificates. You can see the server certifications in the file attached below (Server_Certs.jpg).

The resulting cert7.db and key3.db have been copied to xxxx (Remedy app server) and placed within the /usr/ar/xxxxxx(server name)/conf folder. We should now be prepared to attempt a test using sLDAP (LDAP over SSL). I added all of the server certificates, so you could change the LDAP servername from a specific server to "xxxxxx". This provides us with redundancy (DNS - round robin) should a domain controller go offline.

I should be available after 3:30 today to assist you in testing the connection.

FYI, I've removed references to our server/network, but hopefully there's some information that might be useful in figuring out how to create the certificate. While I don't know the specifics, I know our SA struggled with it a bit. His time is limited, but if you have a specific question I'll direct it to him if you need the help.

Anthony K R <[EMAIL PROTECTED]>
Sent by: "Action Request System discussion list(ARSList)" <[email protected]>
02/01/2007 11:19 AM
Please respond to [email protected]
To: [email protected]
cc:
Subject: AREA LDAP with SSL

Hi,

OS: Redhat Linux
ARS: 5.01.02 with Patch 1389

We have configured AREA LDAP without SSL and it works fine. To enable SSL, we have to use our certificates.
The Security team is unable to import these certificates into Netscape's (v 4.79) cert7.db and key3.db files. When they use CertUtil to view cert7.db, they see all the information, but when our certificates are added, the tool always gives cert8.db but not cert7.db.

I have explored the previous posts available in ARSList/RemedySupport about SSL, but don't know how to update the certificate database. When I try to import certificates through Netscape Communicator, it does not work. If you know how to import certificates to cert7.db, please let me know.

Regards,
Anthony
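
For checking the files copied into the conf folder as described in the reply above, here is an added example (not part of either email, and not vendor code) that reports which NSS certificate database generation a directory holds. The function names and the constructed sample files are assumptions made for the illustration.

```python
import os
import struct
import tempfile

HASHMAGIC = 0x061561                    # Berkeley DB 1.85 hash magic (legacy dbm files)
SQLITE_MAGIC = b"SQLite format 3\x00"   # header of the later SQLite-based databases

# certificate database file -> key database file that belongs with it
KEY_FOR = {"cert7.db": "key3.db", "cert8.db": "key3.db", "cert9.db": "key4.db"}


def file_kind(path):
    """Classify a database file by its leading bytes: 'dbm', 'sqlite' or 'unknown'."""
    with open(path, "rb") as fh:
        head = fh.read(16)
    if head == SQLITE_MAGIC:
        return "sqlite"
    # The dbm magic is written in host byte order, so accept either order.
    if len(head) >= 4 and HASHMAGIC in (struct.unpack("<I", head[:4])[0],
                                        struct.unpack(">I", head[:4])[0]):
        return "dbm"
    return "unknown"


def inspect_conf_dir(conf_dir):
    """Return (cert_file, key_file_present, kind) for each cert database found."""
    found = []
    for cert_name, key_name in KEY_FOR.items():
        cert_path = os.path.join(conf_dir, cert_name)
        if os.path.isfile(cert_path):
            key_ok = os.path.isfile(os.path.join(conf_dir, key_name))
            found.append((cert_name, key_ok, file_kind(cert_path)))
    return found


def usable_for_cert7_client(conf_dir):
    """True only if a dbm-format cert7.db and its key3.db are both present."""
    return any(name == "cert7.db" and key_ok and kind == "dbm"
               for name, key_ok, kind in inspect_conf_dir(conf_dir))


if __name__ == "__main__":
    # Constructed sample: a directory where the tool wrote cert8.db, as in the question.
    with tempfile.TemporaryDirectory() as conf:
        for name in ("cert8.db", "key3.db"):
            with open(os.path.join(conf, name), "wb") as fh:
                fh.write(struct.pack(">I", HASHMAGIC) + b"\x00" * 12)
        print(inspect_conf_dir(conf), usable_for_cert7_client(conf))
```

The magic-byte check separates dbm files from SQLite ones only; it cannot tell a genuine cert7.db from a cert8.db that has been renamed, so a passing result still needs the SSL connection test the reply describes.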

