4.2 Using SSL with LDAP or Active Directory Server for Communicating with UNIX Agent Manager

The UNIX Agent Manager server can communicate with the LDAP or Active Directory server using Secure Sockets Layer (SSL). If you choose to have the UNIX Agent Manager server communicate with the LDAP or Active Directory server using SSL, you must obtain and manage the required certificates. UNIX Agent Manager requires certificates that are base-64 encoded and use a .cer extension.

For example, to get a certificate from an OpenLDAP server, run the following command from the /etc/openldap/certs directory on the computer that is running the slapd process:

certutil -L -a -n "OpenLDAP Server" -d `pwd` > servername.pem

The command creates a servername.pem file that you can import into UNIX Agent Manager using the Manage Server window where you identify your LDAP server.

Ensure that you close and restart the UNIX Agent Manager after you import the certificate.
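
The following script is an added example, not part of the original documentation or the product. It checks that the file exported by the certutil command above is a single base-64 encoded certificate and writes a copy with the .cer extension that UNIX Agent Manager requires. The function names check_pem_cert and make_cer are hypothetical, and it is an assumption that the product accepts the same base-64 content under the .cer name.

```shell
#!/bin/sh
# Added example (not vendor code): sanity-check a certificate exported with
# "certutil -L -a" before importing it into UNIX Agent Manager.

# check_pem_cert FILE: succeed only if FILE holds exactly one base-64 (PEM)
# certificate whose decoded body starts like DER (ASN.1 SEQUENCE, byte 0x30).
check_pem_cert() {
    f=$1
    [ -r "$f" ] || { echo "cannot read: $f" >&2; return 2; }
    n_begin=$(tr -d '\r' < "$f" | grep -c '^-----BEGIN CERTIFICATE-----$' || true)
    n_end=$(tr -d '\r' < "$f" | grep -c '^-----END CERTIFICATE-----$' || true)
    if [ "$n_begin" -ne 1 ] || [ "$n_end" -ne 1 ]; then
        echo "not a single base-64 certificate (binary DER, bundle or key?): $f" >&2
        return 1
    fi
    # Keep only the lines between the BEGIN and END markers.
    body=$(tr -d '\r' < "$f" | sed -n '/^-----BEGIN/,/^-----END/p' |
        grep -v '^-----' || true)
    if ! printf '%s\n' "$body" | base64 -d >/dev/null 2>&1; then
        echo "body is not valid base-64: $f" >&2
        return 1
    fi
    first=$(printf '%s\n' "$body" | base64 -d | od -An -tx1 -N1 | tr -d ' \n')
    [ "$first" = "30" ] || { echo "decoded body is not DER: $f" >&2; return 1; }
}

# make_cer FILE: validate FILE, write a copy named *.cer, print the new path.
# Assumption: UNIX Agent Manager accepts the same base-64 content under .cer.
make_cer() {
    src=$1
    check_pem_cert "$src" || return $?
    dst="${src%.pem}.cer"
    case $src in *.cer) dst=$src ;; esac
    [ "$dst" = "$src" ] || cp "$src" "$dst" || return 2
    # If openssl is installed, show what is about to be trusted (on stderr).
    if command -v openssl >/dev/null 2>&1; then
        openssl x509 -in "$dst" -noout -subject -issuer -enddate \
            -fingerprint -sha256 >&2 2>/dev/null || true
    fi
    printf '%s\n' "$dst"
}

# Usage: sh thisscript.sh servername.pem
if [ "$#" -gt 0 ]; then make_cer "$1"; fi
```

Compare the printed subject and SHA-256 fingerprint with the values the directory server administrator gives you before importing the .cer file in the Manage Server window.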

NOTE: For more information about LDAP authentication, see Logging in by Using LDAP User Credentials in The NetIQ Sentinel Administration Guide.