Customers frequently ask what information is supposed to be entered in the Certificate fields section of the LDAP configuration page in the EEM user interface.
Release: All Supported Versions
Component: CA EMBEDDED ENTITLEMENTS MANAGER
The fields are described in the order they appear when selecting the LDAPS option in the EEM UI User Store connection settings window. Each path below can be written literally (as a full path); if only a file name is given, EEM resolves it relative to the directory named by the EIAM_HOME environment variable. Always include the file extension.
This is the field in which you specify the Certificate Authority (CA) certificate that the EEM server uses to validate the certificate sent by the LDAP server. If no certificate is provided here, the EEM server will accept any certificate it receives from the LDAP server during the SSL/TLS handshake. This is not ideal in a secure environment, since the identity of the LDAP server is then not verified, but EEM will still accept the certificate presented by the LDAP server and use it if the LDAP server does not require a certificate to be present on the client machine (the EEM server). This is possible because the SSL/TLS protocol does not mandate the use of a client certificate; it is optional and depends on how the LDAP server is configured. In our experience, this field is the most widely used option for connecting from EEM to LDAP over a secure port (636 or 3269).
If you decide to use the LDAPS+TLS option, nothing in the configuration described above changes; the only difference is that TLS is a more secure protocol than SSLv3.
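As an added illustration (not part of the original article and not EEM's own code), the shell functions below apply the path rule above to a Certificate-field value and use openssl to check that the LDAP server's certificate actually chains to the CA file before that file is entered in EEM. The LDAP host name, the EIAM_HOME value and the CA/server certificate files are the caller's; the fetch helper needs network access to the LDAP server on port 636.

```sh
#!/bin/sh
# Resolve a Certificate-field value the way the article describes: a literal
# path is used as-is, a bare file name is taken relative to EIAM_HOME, and
# the file extension must be part of the value.
resolve_cert_path() {
    value=$1
    case "${value##*/}" in
        *.*) ;;
        *) echo "include the file extension (e.g. ca.pem)" >&2; return 1 ;;
    esac
    case "$value" in
        */*) printf '%s\n' "$value" ;;
        *)   printf '%s\n' "${EIAM_HOME:?EIAM_HOME is not set}/$value" ;;
    esac
}

# Check that the LDAP server's certificate chains to the CA certificate.
# This is the validation EEM performs when the CA field is filled in; with
# the field left empty EEM skips it and accepts any server certificate.
# Returns 0 when the chain verifies, non-zero otherwise.
verify_ldap_cert() {
    ca=$1
    server=$2
    openssl verify -CAfile "$ca" "$server" >/dev/null 2>&1
}

# Fetch the certificate the LDAP server presents on the LDAPS port (636)
# so it can be inspected and run through verify_ldap_cert.
fetch_ldap_cert() {
    host=$1
    openssl s_client -connect "$host:636" -servername "$host" </dev/null 2>/dev/null \
        | openssl x509
}
```

Typical use: `fetch_ldap_cert ldap.example.test > server.pem` followed by `verify_ldap_cert "$(resolve_cert_path ca.pem)" server.pem`; a non-zero result means the CA file you are about to configure would not validate that server.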