During an LDAP connection, the client receives the root certificate from the server so that it can verify the trustworthiness of the server. The client uses the following process to validate the certificate:
It compares the current certificate with the previously stored certificate, if any. If both certificates match, the client does not perform further checks, and adds the certificate to the local store. If the certificates do not match, the client continues the validation process.
It checks whether the certificate is trusted. This ensures that a known authority is issuing the certificate.
It checks whether the date on the certificate is valid with reference to the current date.
It checks whether the host name on the certificate matches the host name of the server.
If the certificate passes the preceding tests, the client adds the certificate to the local store so it can be used for future verification.
If the certificate does not pass the verification process, the application prompts you to either continue the connection or terminate the connection.
Figure 20-1 Certificate Verification
To continue the connection, click . The certificate is added to the local store so it can be used for future verification, and the authentication process continues.
To terminate the connection, click .
To get details about the certificate, click to display the Certificate Information dialog box shown in the above figure. If you decide that the certificate is valid, you can click to permanently install the certificate.
NOTE: This store is different from the local store used by the LDAP client to store trusted root certificates.
Figure 20-2 Certificate Information
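The validation sequence and the continue option described above can be modeled as follows. This is an added example, not the product's own code: the `Cert` record is a simplified stand-in for a parsed X.509 certificate, and the per-host fingerprint store, the function names and all sample values are assumptions constructed for illustration.

```python
import hashlib
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class Cert:  # simplified stand-in for a parsed certificate (assumption)
    der: bytes            # raw encoding, used only for the fingerprint
    issuer: str
    not_before: datetime
    not_after: datetime
    host_names: tuple

def fingerprint(cert):
    return hashlib.sha256(cert.der).hexdigest()

def host_matches(pattern, host):
    """Exact match, or one wildcard in the left-most label only."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    return len(p) == len(h) and p[0] in ("*", h[0]) and p[1:] == h[1:]

def validate(cert, host, store, trusted_issuers, now):
    """Return (decision, reason); decision is 'accept' or 'prompt'."""
    fp = fingerprint(cert)
    if store.get(host) == fp:                 # stored copy matches: no further checks
        return "accept", "matches stored certificate"
    if cert.issuer not in trusted_issuers:    # issued by a known authority?
        return "prompt", "issuer not trusted"
    if not (cert.not_before <= now <= cert.not_after):   # date validity
        return "prompt", "outside validity period"
    if not any(host_matches(n, host) for n in cert.host_names):
        return "prompt", "host name mismatch"
    store[host] = fp                          # passed: keep for future verification
    return "accept", "validated and stored"

def accept_after_prompt(cert, host, store):
    """The user chose to continue: the failing certificate is stored anyway."""
    store[host] = fingerprint(cert)

# Constructed sample data, not taken from any real deployment.
UTC = timezone.utc
NOW = datetime(2024, 6, 1, tzinfo=UTC)
HOST = "ldap.example.test"
TRUSTED = {"Example Root CA"}
GOOD = Cert(b"constructed-good", "Example Root CA",
            datetime(2024, 1, 1, tzinfo=UTC), datetime(2025, 1, 1, tzinfo=UTC), (HOST,))
EXPIRED = Cert(b"constructed-expired", "Example Root CA",
               datetime(2022, 1, 1, tzinfo=UTC), datetime(2023, 1, 1, tzinfo=UTC), (HOST,))
```

In this model, because a stored match skips every later check, a certificate that failed validation and was accepted at the prompt is accepted without any prompt on the next connection. Reviewing what has been added to the local store is therefore part of keeping this process trustworthy.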