Securing LDAP with an InCommon cert

I'm trying to set up secure LDAP between my organization and its parent
entity. Their cert provider is InCommon, so I had to submit my CSR to
them. I created the CSR in iManager and submitted it, and received the
following in reply:

=========================================================================================
* Click the following link to download your SSL certificate (generally
try to use a version that includes intermediates

  • On 6/19/2013 3:51 PM, Douglas Black wrote:
    > I'm trying to set up secure LDAP between my organization and its parent
    > entity. Their cert provider is InCommon, so I had to submit my CSR to
    > them. I created the CSR in iManager and submitted it, and received the
    > following in reply:
    >

    [snip]
    >
    > When I submitted the CSR to InCommon, I specified the server type as
    > 'other', since "Novell eDirectory" wasn't a choice.
    >
    > If I download the first cert and import it to the KMO object, I get "A
    > certificate was not found in the NDS tree certificate authority (CA)
    > object or Server Certificate Object (also known as the Key Material
    > Object)."
    >
    > If I download "X509 Certificate only" and "X509 Intermediates/root only"
    > (both Base64 encoded), I get "PKI ERROR -1227 - A link within the
    > certificate chain in a Server Certificate Object (also known as the Key
    > Material Object) is missing or is invalid."
    >
    > Does anyone know how to make this work?
    >


    The answer turned out to be "convert the 'all in one' certificate to a
    P7B cert". If this was obvious to everyone but me, I apologize for
    wasting bandwidth.
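
One way to do the conversion the reply names, as an added example that is not part of the original thread. It assumes OpenSSL is the conversion tool (the thread does not say which tool was used) and that the "all in one" download is a PEM file holding the server certificate plus its intermediates; the function names and file names are placeholders.

```shell
#!/bin/sh
# Added example: turn a PEM "all in one" bundle into a PKCS#7 (.p7b) file.
# Assumption: OpenSSL is installed; file names passed in are placeholders.

# Print how many certificates a PEM file contains (counts BEGIN markers).
count_pem_certs() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1" || true
}

# bundle_to_p7b BUNDLE.pem OUT.p7b
# Return codes: 0 ok, 1 bundle has no chain, 2 unreadable input,
#               3 conversion failed, 4 output does not hold every cert.
bundle_to_p7b() {
    bundle=$1
    out=$2
    [ -r "$bundle" ] || { echo "cannot read $bundle" >&2; return 2; }

    # A "certificate only" download has one cert and no chain to import.
    n=$(count_pem_certs "$bundle")
    if [ "$n" -lt 2 ]; then
        echo "$bundle holds $n certificate(s); need server cert plus chain" >&2
        return 1
    fi

    # -nocrl: build a certs-only PKCS#7 structure, with no CRL inside.
    # Output is PEM-encoded; add "-outform DER" if the importer wants binary.
    openssl crl2pkcs7 -nocrl -certfile "$bundle" -out "$out" || return 3

    # Read the result back and confirm every certificate made it in.
    m=$(openssl pkcs7 -in "$out" -print_certs -noout | grep -c '^subject' || true)
    if [ "$m" -ne "$n" ]; then
        echo "$out holds $m certificate(s), expected $n" >&2
        return 4
    fi
    echo "$out: $m certificates"
}

# Run only when called with two arguments: sh convert.sh bundle.pem chain.p7b
if [ "$#" -eq 2 ]; then
    bundle_to_p7b "$1" "$2"
fi
```
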