To authenticate an LDAP server with the CMM,
you must import either the certificate of the LDAP server or the certificate
of the Certificate Authority (CA) which signed the LDAP server certificate.
The process for importing either an LDAP server certificate or the
certificate of the CA with non-mutual authentication is the same.
Import a certificate by using non-mutual external
authentication when you only have to authenticate the LDAP server
with the
CMM.
You can authenticate the LDAP server with the
CMM using
the
CMM management
interface.
Note: Certificates must be signed using SHA-1 hashes, SHA-2
hashes are not supported.
To import an LDAP certificate or a CA, by using non-mutual
authentication, complete the following steps:
- Obtain the external LDAP certificate or CA and
place it on the server that will be used to import it. Depending on
your CMM configuration,
supported server types can include TFTP, FTP, HTTP, HTTPS, and SFTP.
- Start a CMM management
session:
- To start the CMM web
interface, see Starting the web interface for instructions.
- To start a CMM CLI
session, see Starting the command-line interface for instructions.
Note: For the CLI, the
sslcfg command
must be targeted to the primary
CMM.
The following example assumes that the command environment has been
set to the primary
CMM through
the
env command (see
env command for information about command
use). If the command environment has not been set to the primary
CMM,
you can direct the command to the primary
CMM by
using the
-T mm[p] option, (see
Command targets for information).
- Import the external LDAP certificate or CA into the CMM: