18.2 Verifying an LDAP SSL Server Certificate
During an LDAP connection, the client receives the root certificate
from the server so that the client can verify the trustworthiness of
the server. The client uses the following process to validate the
certificate:
- It compares the current certificate
with the previously stored certificate, if any. If both certificates match,
the client does not perform further checks, and adds the certificate
to the local store. If the certificates do not match, the client
continues the validation process.
- It checks whether the certificate is trusted. This
ensures that a known authority issued the certificate.
- It checks whether the date on the certificate is
valid with reference to the current date.
- It checks whether the host name on the certificate
matches the host name of the server.
If the certificate passes the preceding tests, the client
adds the certificate to the local store so it can be used for future
verification.
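The decision order above can be sketched as follows. This is an added example, not the product's code: it returns "accept" or "prompt" and shows that a stored-certificate match skips the trust, date and host name checks. Assumptions: the `Cert` record, the per-host store of SHA-256 fingerprints, and the issuer-name lookup standing in for real chain validation are all hypothetical, and the sample data is constructed.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class Cert:  # hypothetical stand-in for a parsed X.509 certificate
    der: bytes  # raw encoding, used only to compute the fingerprint
    issuer: str
    not_before: datetime
    not_after: datetime
    dns_names: tuple

def fingerprint(cert):
    return hashlib.sha256(cert.der).hexdigest()

def host_matches(pattern, host):
    """Exact match, or one wildcard in the left-most label only."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def verify(cert, host, store, trusted_issuers, now):
    """Return ('accept', reason) or ('prompt', name_of_failed_check)."""
    fp = fingerprint(cert)
    if store.get(host) == fp:  # matches stored certificate: no further checks
        return ("accept", "stored")
    if cert.issuer not in trusted_issuers:  # simplified trust check (assumption)
        return ("prompt", "untrusted")
    if not (cert.not_before <= now <= cert.not_after):  # validity dates
        return ("prompt", "date")
    if not any(host_matches(n, host) for n in cert.dns_names):  # host name
        return ("prompt", "hostname")
    store[host] = fp  # all checks passed: remember for future connections
    return ("accept", "validated")

def demo():
    utc = timezone.utc
    now = datetime(2024, 6, 1, tzinfo=utc)
    good = Cert(b"constructed-cert-A", "Example Root CA",  # constructed sample
                datetime(2024, 1, 1, tzinfo=utc),
                datetime(2025, 1, 1, tzinfo=utc), ("ldap.example.test",))
    store, trusted = {}, {"Example Root CA"}
    first = verify(good, "ldap.example.test", store, trusted, now)
    expired = datetime(2026, 1, 1, tzinfo=utc)  # later than not_after
    second = verify(good, "ldap.example.test", store, trusted, expired)
    wrong_host = verify(good, "other.example.test", store, trusted, now)
    return first, second, wrong_host
```

In `demo()`, the second connection is accepted from the store even though the certificate has expired by then, so entries in the local store need their own review and expiry handling.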
If the certificate does not pass the verification process,
the application prompts you to either continue the connection
or terminate the connection.
- To continue the connection, click .
The certificate is added to the local store so it can be used for
future verification, and the authentication process continues.
- To terminate the connection, click .
- To get details about the certificate, click to display the Certificate Information dialog
box shown in Figure 1.2. If you decide that the certificate is valid,
you can click to permanently
install the certificate.
NOTE: This store is different from the local store used by the LDAP client
to store trusted root certificates.