6.1 Importing the Certificate into the Client’s Certificate Store

You need to import the trusted root certificate into a certificate store (also called a keystore) that the driver can use.

  1. Export the trusted root certificate from the connected eDirectory server and save it to a file in DER format.

    1. In iManager, log in to the connected eDirectory server with administrator rights.

    2. In the left pane of the Roles and Tasks tab, select NetIQ Certificate Access > Server Certificates, then select a server certificate.

      • Select an Elliptic Curve (EC) certificate if your Identity Vault and connected system have eDirectory 9.0.2.x.

      • Select a non-EC certificate if your Identity Vault and connected system have eDirectory 8.8.8.x.

    3. Click Export.

    4. Select OU=Organizational CA certificate from the drop-down menu for the Certificate option.

    5. Select der as the Export format, then click Next.

    6. Save the file to a local file system.

  2. Add the .der file to the keystore by using the following command at the command line:

    keytool -import -file PATH_OF_DERFile\PublicKeyCert.der -keystore KEYSTOREPATH\NAME.keystore -storepass keystorepass

    Using the keytool from Java 1.8 or later is recommended.

  3. When you are asked whether to trust this certificate, type yes, then press Enter.

  4. Copy the .keystore file to any directory on the same file system that has the Identity Vault files.

  5. In iManager, select Identity Manager > Identity Manager Overview.

  6. Search for drivers.

  7. Click the Bidirectional eDirectory driver object, then click it again in the Identity Manager Driver Overview page.

  8. In the Keystore Path parameter, enter the complete path to the keystore file.

  9. Enable the driver’s SSL parameter and adjust the other SSL parameters as needed.

    For information, see Driver Parameters.
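
Before answering the trust prompt in step 3, the SHA256 fingerprint that keytool displays can be compared with one computed independently from the exported file. The Python script below is an added example, not part of the original documentation or of any NetIQ tooling; it prints the fingerprint in the colon-separated form keytool uses and rejects a file that is not one complete DER structure. The function names and the SAMPLE_DER bytes are constructed for illustration.

```python
import base64
import hashlib
import sys

PEM_BEGIN = b"-----BEGIN CERTIFICATE-----"
PEM_END = b"-----END CERTIFICATE-----"
# Constructed placeholder: a DER SEQUENCE header plus 256 zero bytes, not a real certificate.
SAMPLE_DER = bytes([0x30, 0x82, 0x01, 0x00]) + bytes(256)


def to_der(data: bytes) -> bytes:
    """Return DER bytes, decoding a Base64 (PEM) export if that is what was saved."""
    if PEM_BEGIN in data:
        body = data.split(PEM_BEGIN, 1)[1].split(PEM_END, 1)[0]
        return base64.b64decode(b"".join(body.split()))
    return data


def check_der_envelope(der: bytes) -> None:
    """Raise ValueError unless der is exactly one DER SEQUENCE (the outer X.509 wrapper)."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE: wrong file or wrong export format")
    first = der[1]
    if first < 0x80:                       # short-form length
        header, length = 2, first
    else:                                  # long-form length: next n bytes hold the size
        n = first & 0x7F
        if n == 0 or len(der) < 2 + n:
            raise ValueError("invalid DER length field")
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    if header + length != len(der):
        raise ValueError("length mismatch: file is truncated or has trailing data")


def keytool_sha256(der: bytes) -> str:
    """SHA-256 over the DER encoding, formatted as uppercase colon-separated hex."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def fingerprint_of_export(data: bytes) -> str:
    der = to_der(data)
    check_der_envelope(der)
    return keytool_sha256(der)


if __name__ == "__main__":
    # With a path argument, fingerprint that file; otherwise use the constructed sample.
    raw = open(sys.argv[1], "rb").read() if len(sys.argv) == 2 else SAMPLE_DER
    print("SHA256:", fingerprint_of_export(raw))
```

Run it with the path of the exported .der file as the only argument and compare the output with the SHA256 line keytool shows before you confirm trust.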

Continue with Configuring Mutual Authentication.