How to configure a DSA to use the proper javakeystores under config/ssld?


Article ID: 401058


Updated On: 06-13-2025

Products

CA Directory

Issue/Introduction

When an LDAP client attempted to use SSL/TLS to connect to a CA Directory LDAP service, we experienced a certificate issue and were told to import the client application certificate into the LDAP server for trust.

Why is it not looking under the javakeystores directory under config/ssld?

How is this location configured?

Environment

Release 14.1
Component: CA Directory

Resolution

The purpose of the newer javakeystores feature is certificate management. At Broadcom, we need to consider how a new feature will affect our existing code and customer implementations.

In short, none of the DSAs interacts with the javakeystores at all. Only dxcertgen plays the middleman role, allowing the same private/public key pair to be used to issue the DSAs' certificates and, in turn, to update the file system. Please see the following document for more information:

About the DXcertgen tool

From that document it becomes clear that the javakeystores preserve the private/public key pair used to create the other certificates needed by all involved DSAs, and sometimes DNs, while the DSAs continue to use the existing file system so that no code changes are required. Without the previously used private/public key pair being preserved, when a new DSA is created on the Directory Server, rerunning dxcertgen creates a new private key and hence a new public key. As a result, every place where the old certificate authority certificate exists would need to be updated with the new one to avoid disrupting the existing trusted TLS/SSL connections to the Directory Server.
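
The effect described above can be reproduced with plain openssl. This is an added example, not Broadcom's code and not dxcertgen itself: openssl stands in for the CA operations, and the file names, DSA names and the "Demo CA" subject are constructed for the demonstration.

```shell
#!/usr/bin/env bash
# Constructed demo: openssl stands in for the CA role; names are hypothetical.
set -eu

new_ca() {            # $1 = CA name: fresh CA key pair plus self-signed CA cert
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Demo CA" \
    -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

issue_dsa_cert() {    # $1 = CA name, $2 = DSA name: DSA cert signed by that CA
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$2.key" -out "$2.csr" 2>/dev/null
  openssl x509 -req -in "$2.csr" -CA "$1.pem" -CAkey "$1.key" \
    -CAcreateserial -days 30 -out "$2.pem" 2>/dev/null
}

client_trusts() {     # $1 = CA cert the client imported, $2 = DSA cert presented
  if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
    echo yes
  else
    echo no
  fi
}

run_demo() (          # runs in a subshell so the caller's directory is untouched
  workdir=$(mktemp -d)
  cd "$workdir"

  new_ca ca_orig
  issue_dsa_cert ca_orig dsa1
  cp ca_orig.pem client_trust.pem   # the LDAP client imports the CA cert once

  # Case 1: CA key pair preserved; a DSA added later is signed by the same CA.
  issue_dsa_cert ca_orig dsa2
  preserved=$(client_trusts client_trust.pem dsa2.pem)

  # Case 2: CA key pair not preserved; the rerun creates a new CA key pair.
  new_ca ca_new
  issue_dsa_cert ca_new dsa3
  regenerated=$(client_trusts client_trust.pem dsa3.pem)

  cd /
  rm -rf "$workdir"
  echo "preserved=$preserved regenerated=$regenerated"
)

run_demo
```

In the regenerated case the client's stored CA certificate no longer validates the new DSA certificate, so every client trust store would have to be updated.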

Additional Information