In a production environment, SSPR should trust the LDAP server's certificate. A secure channel can be established in one of three scenarios:
Use a certificate issued by a generally recognized commercial certificate authority. The certificate of this authority should already be present in the certificate database. If the server name in the LDAP URL is identical to the common name of the certificate, the certificate validation succeeds.
Use a certificate issued by a private certificate authority, such as Novell iManager or Microsoft Active Directory. In this case the certificate(s) of that certificate authority need to be imported into the Java certificate database.
Use a self-signed certificate. In this case the self-signed certificate itself should be imported into the Java certificate database.
To export the certificate from eDirectory using iManager, see http://www.novell.com/communities/node/8757/exporting-ssl-certificate-using-imanager.
To export the certificate from Active Directory, see http://technet.microsoft.com/en-us/library/cc772393.
The certificate database is located in the following location:
JAVA_HOME\lib\security\cacerts
where JAVA_HOME is the directory where Java is installed.
Use keytool to import the file:
cd <JAVA_HOME>\jre\bin
keytool -importcert -alias <alias> -file <filepath> -keystore ..\lib\security\cacerts -storepass <password>
keytool prompts for the keystore password, which is changeit by default.
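A pre-flight check for the three trust scenarios above, added here as an example rather than taken from the SSPR documentation: it locates the Java trust store under JAVA_HOME (both layouts mentioned above) and classifies why a TLS handshake to the LDAP server would fail (unknown issuer, hostname mismatch, or expiry) before you touch cacerts. It assumes the CA or self-signed certificate exported from iManager or Active Directory is available as a PEM file and that the host and port come from SSPR's LDAP URL; the host and file names are placeholders.

```python
"""Diagnose LDAPS trust problems before importing a certificate into cacerts.

Added example, not part of the SSPR docs. Assumes the exported CA / self-signed
certificate is a PEM file and the host/port are taken from SSPR's LDAP URL.
"""
import os
import socket
import ssl
from typing import Optional


def find_cacerts(java_home: str) -> Optional[str]:
    """Return the trust store path, checking both layouts referred to above."""
    for rel in (("lib", "security", "cacerts"), ("jre", "lib", "security", "cacerts")):
        candidate = os.path.join(java_home, *rel)
        if os.path.isfile(candidate):
            return candidate
    return None


def check_ldaps_trust(host: str, port: int = 636, ca_pem: Optional[str] = None,
                      timeout: float = 5.0) -> str:
    """Classify the handshake outcome for the LDAP server.

    ca_pem=None uses the system CA bundle (the commercial-CA scenario); pass the
    exported private-CA or self-signed PEM to test the other two scenarios.
    Returns 'trusted', 'untrusted-issuer', 'hostname-mismatch', 'expired'
    or 'connection-failed'.
    """
    ctx = ssl.create_default_context(cafile=ca_pem)
    ctx.check_hostname = True          # server name in the LDAP URL must match the cert
    ctx.verify_mode = ssl.CERT_REQUIRED
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host):
                return "trusted"
    except ssl.SSLCertVerificationError as exc:
        # verify_code follows OpenSSL's X509_V_ERR_* numbering
        if exc.verify_code == 62:      # X509_V_ERR_HOSTNAME_MISMATCH
            return "hostname-mismatch"
        if exc.verify_code == 10:      # X509_V_ERR_CERT_HAS_EXPIRED
            return "expired"
        return "untrusted-issuer"      # self-signed or CA not in the given bundle
    except OSError:                    # refused, timed out, or other TLS/socket error
        return "connection-failed"


if __name__ == "__main__":
    # Placeholder values: replace with your JAVA_HOME, LDAP host and exported PEM.
    print("cacerts:", find_cacerts(os.environ.get("JAVA_HOME", "")))
    print("ldaps:", check_ldaps_trust("ldap.example.com", 636, "exported-ca.pem"))
```

An 'untrusted-issuer' result with the exported PEM means you exported the wrong certificate (for example a server certificate instead of the issuing CA's); 'hostname-mismatch' means the import will not help until the LDAP URL uses the name in the certificate.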