Configuring an LDAP server in SSL mode requires a certificate database on Content Server. The certutil utility is used to load CA certificates into the database.
To download CA certificates:
Download the certutil utility from the following site:
ftp://ftp.mozilla.org/pub/mozilla.org/security/nss/releases/
Copy the utility to %DM_HOME%\bin ($DM_HOME/bin).
For more information about the utility, refer to http://www.mozilla.org/projects/security/pki/nss/tools/certutil.html.
Download CA certificates from the web site of the vendor who provided the directory server with the SSL server certificate.
You must download the Root Certificate Authority certificate and the certificate of every issuing certificate authority in the chain, all the way up to the self-signed root certificate.
Create the cert.db file, as follows:
On Windows:
certutil -N -d %DOCUMENTUM%\dba\secure\ldapdb
On UNIX:
certutil -N -d $DOCUMENTUM/dba/secure/ldapdb
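Add the Root Certificate Authority to the database and provide the necessary trust level. Pass the database directory created in the previous step with -d so that the certificate is not written to certutil's default database:
On Windows:
certutil -A -n "documentum ldap root" -t "C,C,C" -i rootcert.crt -d %DOCUMENTUM%\dba\secure\ldapdb
On UNIX:
certutil -A -n "documentum ldap root" -t "C,C,C" -i rootcert.crt -d $DOCUMENTUM/dba/secure/ldapdb
Install any remaining CA certificates in the chain, using the same -d directory:
On Windows:
certutil -A -n "documentum ldap sub root" -t "C,C,C" -i subrootcert.crt -d %DOCUMENTUM%\dba\secure\ldapdb
On UNIX:
certutil -A -n "documentum ldap sub root" -t "C,C,C" -i subrootcert.crt -d $DOCUMENTUM/dba/secure/ldapdb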
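A pre-import check for the chain requirement above, as an added example that is not part of the original documentation: it confirms that the root file is self-signed and that each remaining CA file verifies against the ones before it. It assumes the openssl command-line tool is installed and the downloaded files are PEM-encoded; the function names and the sample certificates are constructed for illustration.

```shell
#!/bin/sh
# Added example: check the CA files before loading them with "certutil -A".
# Assumes the openssl CLI is installed and the certificates are PEM-encoded.

# Succeeds only if the certificate's subject equals its issuer (a self-signed root).
is_self_signed() {
    subj=$(openssl x509 -in "$1" -noout -subject 2>/dev/null | sed 's/^subject= *//')
    iss=$(openssl x509 -in "$1" -noout -issuer 2>/dev/null | sed 's/^issuer= *//')
    [ -n "$subj" ] && [ "$subj" = "$iss" ]
}

# check_chain ROOT [CA...]: pass the remaining CAs in order from the root downwards.
# Fails if ROOT is not self-signed or a CA does not verify against the
# certificates accepted before it, which means a link in the chain is missing.
check_chain() {
    root=$1; shift
    is_self_signed "$root" || { echo "FAIL: $root is not a self-signed root" >&2; return 1; }
    bundle=$(mktemp) || return 1
    cat "$root" > "$bundle"
    for ca in "$@"; do
        if ! openssl verify -CAfile "$bundle" "$ca" >/dev/null 2>&1; then
            echo "FAIL: $ca does not verify against the supplied CA files" >&2
            rm -f "$bundle"; return 1
        fi
        cat "$ca" >> "$bundle"
    done
    rm -f "$bundle"
    echo "OK: chain is complete up to $root"
}

# Constructed sample data (not from the page): a throwaway root, one CA signed
# by it, and an unrelated self-signed certificate, written into directory $1.
make_sample_chain() {
    ( cd "$1" &&
      openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Constructed Root" \
          -keyout root.key -out rootcert.crt &&
      openssl req -newkey rsa:2048 -nodes -subj "/CN=Constructed Sub Root" \
          -keyout sub.key -out sub.csr &&
      openssl x509 -req -in sub.csr -CA rootcert.crt -CAkey root.key -set_serial 2 \
          -days 2 -out subrootcert.crt &&
      openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=Unrelated" \
          -keyout other.key -out other.crt ) >/dev/null 2>&1
}

# Usage: sh check_chain.sh rootcert.crt subrootcert.crt
if [ "$#" -gt 0 ]; then check_chain "$@"; fi
```

Run the check on the downloaded files first; a FAIL line means the set is incomplete or in the wrong order, so nothing should be imported until it passes.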
Starting with the 7.0 release, the only way to install a certificate is through the Documentum Administrator interface. Take the LDAP certificate from the LDAP server environment and import it into Content Server using Documentum Administrator.