Hi all,
I am setting up my new Defense Center 6.0.1 (VM), which will manage a single 5508X. I am building my policies and am trying to get my realm working. I will run LDAP queries against two Windows 2012 R2 DC's. These DC's use self-signed certs, named dc1.domain.com and dc2.domain.com. I have copies of these certs in PFX format, and would like to upload them into the Defense Center so that I can secure my LDAP queries using LDAPS. As they are self-signed, they would need to be Trusted Cert Authorities.
I am familiar with the upload process, however whenever I try to upload the PFX certs, I receive error 'Error uploading file. Please verify that this is a certificate and it uses a supported PKCS encoding.' I have used OpenSSL to convert the PFX certs to PEM format, which Defense Center can then read; however when I try to use this imported cert to secure LDAP, the Test connection fails. Using the ldp.exe utility on Windows, I am able to successfully connect to the domain controllers on port 636 using LDAPS.
My question is: What type of cert does Defense Center "like" best? Should I be using CRT or CER format certs instead of PEM?
My OpenSSL command was: openssl pkcs12 -in cert.pfx -out cert.pem -nodes