Exporting your Active Directory Certificate
As an Administrative user on your Active Directory server:
- Open the Microsoft Management Console by running mmc.exe.
- Add the Certificates snap-in for the Computer Account (select the Local Computer).
- Locate your certificate in the resulting tree. If you are using a self-signed certificate then this will appear under the Personal folder.
- Right click on the certificate, select All Tasks > Export.
- Export the certificate (without the private key but will all associated trusted certificates) in Base 64 format.
Creating a Keystore
Once the certificate has been exported you will be able to create a keystore with this certificate that you can use to access your Active Directory server.
- To do this you will use the keytool (keytool.exe on Windows) utility supplied with your Java runtime with the following command:
keytool -import -alias ldap -file <certificate file> -keystore shdomain.ks
- Enter a secure password for your keystore. This will create a keystore file called shdomain.ks