If the LDAP connection is over unsecured networks, it is recommended that UNIFYBroker (acting as the LDAP server) and the connected identity management system (acting as the LDAP client) be configured so that LDAP traffic is encrypted using Transport Layer Security (TLS). To do so, a certificate is needed. See the appropriate section below for instructions on how to configure or generate certificates.
See LDAP Security for more information on this topic.
Configuring a Certificate in UNIFYBroker
On the Settings page, click the Edit button under the Certificate Management section.
Select the Store Name, Store Location, and add as many Certificate Attributes to uniquely identify the certificate.
Click Save. If no warning messages are displayed, UNIFYBroker is configured for use with the certificate.
Generating a Certificate
A certificate can be generated if one is not available from other sources already with the Microsoft Windows Software Development Kit component makecert (or through the Visual Studios Command Console command of the same name):
makecert -r -pe -n CN="Unify.IdentityBroker" -b 01/01/2015 -e 01/01/2016 -eku 18.104.22.168.22.214.171.124.1 -ss my -sr currentuser -sky exchange -sp "Microsoft RSA SChannel Cryptographic Provider" -sy 12
Customer support service by UserEcho