Skip to main content

Importing an LDAP certificate with mutual authentication

Import certificates for mutual authentication when you need the external LDAP server to authenticate the CMM and the CMM to authenticate the external LDAP server.

There are two ways to establish mutual authentication between the CMM and an external LDAP server. When you use either method, you must also perform the steps for non-mutual authentication.

  • Export the chassis Certificate Authority (CA) certificate and import it into the trust store for your external LDAP server. This allows mutual authentication between the LDAP server and all elements in the chassis that have their security configuration automatically provisioned.
  • Export a certificate-signing request (CSR) from the CMM and have it signed by a Certificate Authority that the LDAP server already trusts. This method provides mutual authentication between only the CMM and the LDAP server.
  • Mutual authentication using CA
    To use the CMM certificate authority (CA) with an external LDAP server, you must import the CA certificate into the external LDAP server trust store. Up to three trusted certificates can be imported.
  • Mutual authentication of CSR
    To establish mutual authentication between the CMM and an external LDAP server, have the CMM certificate-signing request (CSR) signed by an outside Certificate Authority (CA) using the CMM management interface.