4.3 Updating the LDAP Certificates

To ensure that you have a secure connection between the LDAP directory and Self Service Password Reset, you must import a certificate into Self Service Password Reset through the Configuration Editor or with the Configuration Guide. For more information about securing Self Service Password Reset with certificates, see Securing Self Service Password Reset in the Self Service Password Reset 4.3 Installation Guide.

Certificates always have an expiration date for security reasons, so at some point you must import a new certificate from the LDAP directory. There are two ways to do this, depending on whether the certificate has expired.

4.3.1 Updating the LDAP Directory Certificate When It Is Not Expired

If you know when the LDAP certificate is about to expire, you can import a newly updated certificate from the LDAP directory into Self Service Password Reset using the Configuration Editor.

  1. Log in to Self Service Password Reset at https://dns-name/sspr as an administrator.

  2. In the toolbar, click your name.

  3. Click Configuration Editor.

  4. Click LDAP > LDAP Directories > default > Connection.

    Select the appropriate profile for the LDAP directory.

  5. Under LDAP Certificates, click Import From Server.

    The Configuration Editor contacts the LDAP directory server and obtains a new certificate for you.

  6. Click OK.

  7. In the toolbar, click Save changes.

4.3.2 Updating the LDAP Directory Certificate After It Expires

If the LDAP certificate has expired, you cannot log in to the Configuration Editor through normal means, and you receive error -5017. You must unlock the configuration before you can import a new LDAP directory certificate, which enables logins again.

To unlock the configuration and change the LDAP directory certificate while the certificate is expired:

  1. Unlock the configuration using the specific steps for your platform. For more information, see How to Lock and Unlock the Self Service Password Reset Configuration.

  2. After you have unlocked Self Service Password Reset, access the Configuration Editor.

  3. Perform the steps listed above to import a new valid certificate. For more information, see Updating the LDAP Directory Certificate When It Is Not Expired.
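
The following Python script is an added example, not part of the product documentation. It reads the expiry date of the LDAPS server certificate and reports which of the two procedures above applies; the host name, port 636, the CA file and the 30-day warning window are assumptions.

```python
import math
import socket
import ssl
import time
from typing import Optional, Tuple

X509_V_ERR_CERT_HAS_EXPIRED = 10  # OpenSSL verify code for an expired certificate


def plan_update(not_after: Optional[str], now: float, warn_days: int = 30) -> Tuple[str, int]:
    """Return (status, whole days left) for a certificate notAfter string.

    "ok"      -> nothing to do yet
    "renew"   -> inside the warning window: import before expiry (4.3.1)
    "expired" -> unlock the configuration first, then import (4.3.2)
    not_after=None means the TLS handshake already failed on expiry.
    """
    if not_after is None:
        return ("expired", 0)
    seconds_left = ssl.cert_time_to_seconds(not_after) - now
    days_left = math.floor(seconds_left / 86400)
    if seconds_left <= 0:
        return ("expired", days_left)
    if days_left <= warn_days:
        return ("renew", days_left)
    return ("ok", days_left)


def fetch_not_after(host: str, port: int = 636, cafile: Optional[str] = None) -> Optional[str]:
    """Return notAfter of the LDAPS certificate, or None if it has expired.

    cafile (assumption): PEM file of the CA that issued the directory's
    certificate. Chain and host name verification stay enabled.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    try:
        with socket.create_connection((host, port), timeout=10) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return tls.getpeercert()["notAfter"]
    except ssl.SSLCertVerificationError as err:
        if err.verify_code == X509_V_ERR_CERT_HAS_EXPIRED:
            return None
        raise  # untrusted issuer or name mismatch is a different problem


if __name__ == "__main__":
    # Constructed sample dates, in the format getpeercert() returns.
    now = ssl.cert_time_to_seconds("Jan  1 00:00:00 2025 GMT")
    for sample in ("Jan 11 00:00:00 2025 GMT", "Dec 31 00:00:00 2024 GMT"):
        print(sample, plan_update(sample, now))
    # Live check (hypothetical host and CA file):
    # print(plan_update(fetch_not_after("ldap.example.com", cafile="ca.pem"), time.time()))
```

Run on a schedule, a "renew" result leaves time to use the Import From Server procedure before logins start failing.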