18.2 Verifying an LDAP SSL Server Certificate Verification
During LDAP connection, client receives the root certificate from the server so that client can verify the trustworthiness of the server. The client uses the following process to validate the certificate:
- It compares the current certificate with previously stored certificate, if any. If both certificates match, the client does not perform further checks, and adds the certificate to the local store. If the certificates do not match, the client continues the validation process.
- It checks whether the certificate is trusted. This ensures that a known authority is issuing the certificate.
- It checks whether the date on the certificate is valid with reference to the current date.
- It checks whether the host name on the certificate matches the date on the server.
If the certificate passes these preceding tests, the client adds the certificate to local store so it can be used for future verification.
If the certificate does not pass the verification process, the application prompts the you to either continue the connection or terminate the connection.
Figure 18-1 Certificate Verification
- To continue the connection, click . The certificate is added to the local store so it can be used for future verification, and the authentication process continues.
- To terminate the connection, click .
- To get details about the certificate, click to display the Certificate Information dialog
box shown in Figure1.2. If you decide that the certificate is valid,
you can click to permanently
install the certificate.
NOTE:This store is different from local store used by LDAP client to store trusted root certificates.
Figure 18-2 Certificate Details
