Import certificates for mutual authentication
when you need the external LDAP server to authenticate the CMM and
the CMM to
authenticate the external LDAP server.
There are two ways to establish mutual authentication
between the CMM and
an external LDAP server. When you use either method, you must also
perform the steps for non-mutual authentication.
- Export the chassis Certificate Authority (CA) certificate and
import it into the trust store for your external LDAP server. This
allows mutual authentication between the LDAP server and all elements
in the chassis that have their security configuration automatically
provisioned.
- Export a certificate-signing request (CSR) from the CMM and
have it signed by a Certificate Authority that the LDAP server already
trusts. This method provides mutual authentication between only the CMM and
the LDAP server.