Exporting and installing SSL certification files
If you want to communicate with an LDAP server configured for SSL encryption, you must obtain the necessary certificate file from the LDAP server and install it into a trusted certificate store on your instance server.
Before you start, ensure that the LDAP server is configured for SSL and has a server authentication certificate to deploy onto the instance server.
It is important to ensure that the Network Service account on the LDAP server has read permissions for the server authentication certificate.
Please refer to the following link for more information on setting up LDAP over SSL:
https://msdn.microsoft.com/en-us/library/cc725767(v=ws.10).aspx#BKMK_1
Exporting the SSL certificate using a private key
To obtain the SSL certificate from the LDAP server, follow the steps below:
On the LDAP server, go to Start > Run and enter "mmc".
In the console, go to File > Add/Remove Snap-in.
Select the Certificates snap-in, click Add, then OK.
Select Computer account, then click Next.
Select Local computer, then click Finish.
On the console, expand the Certificates (Local Computer) drop-down.
Navigate to the Personal > Certificates folder.
Locate the server authentication certificate, right-click the certificate, and select Copy.
Right-click on the Trusted Root Certification Authorities > Certificates folder and select Paste.
From the same folder, locate and right-click the certificate you pasted. Select All Tasks > Export.
When prompted on the Certificate Export Wizard, select Yes to export the private key, then click Next.
The format should default to Personal Information Exchange. Leave the default selections and click Next.
Enter a password for the private key and click Next.
Specify a file location for the certificate file, then click Next.
Finish the export.
Alternative methods for exporting the SSL certificate
If you cannot or prefer not to use a private key, you can use one of the following methods:
Request .cer files for the LDAP server from an LDAP administrator in your organization.
Obtain and extract each certificate in the chain using wget. Contact Support for assistance with this method.
Use the process detailed in Microsoft Documentation at Export trusted client CA certificate chain for client authentication - Azure Application Gateway. See the sections on:
Exporting the server certificate from Personal\Certificates as a base-64 encoded .cer file without private key.
From that exported certificate, extracting all other certificates in its certificate chain as base-64 encoded .cer files without private key.
Installing the SSL certificate onto the Bravura Security Fabric server
To install the SSL certificate onto the instance server, follow the steps below:
Copy the exported certificate file (.pfx) from the LDAP server onto the instance server (any directory).
Double-click the file, select Local Machine, then click Next.
Confirm the file to import, then click Next.
Enter the password for the private key (set during the export process above), then click Next.
Select Place all certificates in the following store, and click Browse.
Select the Trusted Root Certification Authorities certificate store, then click Next.
Finish the import.
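To confirm the result of the import, the following PowerShell check (an added example, not part of the vendor procedure) looks up the copied certificate in the instance server's Trusted Root Certification Authorities store and reports its expiry, its Server Authentication usage, and whether a private key was imported with it, which certificate trust validation itself does not require. The parameter names and the file path you pass are assumptions; run it from an elevated prompt on the instance server.

```powershell
# Added example: verify the certificate imported into LocalMachine\Root.
# -CertFile is the file copied from the LDAP server (.pfx or .cer); the path is yours to supply.
# -Password is only needed for a .pfx, e.g. (Read-Host -AsSecureString 'PFX password').
param(
    [Parameter(Mandatory)] [string] $CertFile,
    [System.Security.SecureString] $Password
)

$ErrorActionPreference = 'Stop'
$serverAuthOid = '1.3.6.1.5.5.7.3.1'   # Server Authentication enhanced key usage

# Load the exported file to learn the thumbprint that should now be in the store.
$path = (Resolve-Path -LiteralPath $CertFile).Path
$x509 = [System.Security.Cryptography.X509Certificates.X509Certificate2]
$fromFile = if ($Password) { $x509::new($path, $Password) } else { $x509::new($path) }

# Look for the same thumbprint in Trusted Root Certification Authorities.
$inStore = Get-ChildItem -Path Cert:\LocalMachine\Root |
    Where-Object { $_.Thumbprint -eq $fromFile.Thumbprint } |
    Select-Object -First 1

if (-not $inStore) {
    Write-Warning "Thumbprint $($fromFile.Thumbprint) was not found in LocalMachine\Root."
    return
}

# Collect the enhanced key usage OIDs, if the certificate has that extension.
$ekuOids = @()
$eku = $inStore.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
}
if ($eku) { $ekuOids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) }

[pscustomobject]@{
    Subject           = $inStore.Subject
    Thumbprint        = $inStore.Thumbprint
    NotAfter          = $inStore.NotAfter
    Expired           = $inStore.NotAfter -lt (Get-Date)
    SelfIssued        = $inStore.Subject -eq $inStore.Issuer   # simple name comparison only
    ServerAuthEku     = $ekuOids -contains $serverAuthOid
    PrivateKeyInStore = $inStore.HasPrivateKey                  # true after a .pfx import with key
}
```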