Server TLS/SSL Certificate
  • 27 Sep 2024

LDAP Synchronization Tool uses the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols to connect to the authentication server, which requires the authentication server to identify itself with a valid TLS/SSL certificate. LDAP Synchronization Tool handles server TLS/SSL certificates in one of two ways, depending on the connection settings specified in the LDAP Synchronization Tool Configuration Utility:

  • If Verify SSL is selected (recommended), a connection to the authentication server will be established only if the server certificate is trusted. LDAP Synchronization Tool will check whether communication is encrypted with a certificate that was signed by a certificate from the Trusted Root Certification Authorities certificate store (Windows), or from the path provided in the LDAP Synchronization Tool Configuration Utility (Linux).

  • If Verify SSL is not selected, the server certificate is not verified. Any SSL server certificate will be accepted, regardless of whether it is trusted.

Because accepting any SSL certificate from the server constitutes a major security risk, always select Verify SSL when in production mode.

You should disable this check only for evaluation or testing purposes, if required.

The steps to ensure the server TLS/SSL certificate is trusted depend on the type of server certificate used:

  • If you intend to use the self-signed certificate created during OneSpan Authentication Server installation, you must import the ikey_soap_serverca.pem certificate file to the computer where LDAP Synchronization Tool is running.

  • If you want to use your own enterprise TLS/SSL certificate trusted by your enterprise certification authority (CA), you need to configure certificate trust accordingly for the respective domain(s).

  • If you intend to use a public trusted certificate, no further steps are required to establish certificate trust. The certificate will be trusted automatically.
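The following is an added example, not LDAP Synchronization Tool code: a generic Python TLS client that mirrors the two Verify SSL modes and can serve as a pre-flight check that a CA file (for example an imported `ikey_soap_serverca.pem`) actually makes the server certificate trusted. The function names `build_context` and `probe` are hypothetical, and the host and port you pass in are your own.

```python
import socket
import ssl
from typing import Optional, Tuple


def build_context(verify_ssl: bool, ca_file: Optional[str] = None) -> ssl.SSLContext:
    """Build a client context equivalent to Verify SSL on or off.

    verify_ssl=True : the chain must end in a trusted CA and the host name
                      must match. ca_file=None uses the platform trust store;
                      otherwise only the CAs in ca_file (PEM) are trusted.
    verify_ssl=False: any server certificate is accepted (evaluation only).
    """
    if verify_ssl:
        # Raises OSError/ssl.SSLError when ca_file is missing or contains no
        # PEM certificate, so a wrong trust path fails closed instead of
        # silently degrading to "accept anything".
        return ssl.create_default_context(cafile=ca_file)
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # must be cleared before setting CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def probe(host: str, port: int, ctx: ssl.SSLContext,
          timeout: float = 5.0) -> Tuple[str, str]:
    """Attempt a TLS handshake and classify the outcome as (status, detail)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                verified = ctx.verify_mode == ssl.CERT_REQUIRED
                return ("verified" if verified else "UNVERIFIED",
                        tls.version() or "")
    except ssl.SSLCertVerificationError as exc:
        # Untrusted issuer, expired certificate or host name mismatch.
        return "untrusted", exc.verify_message
    except ssl.SSLError as exc:
        return "tls-error", str(exc)
    except OSError as exc:
        return "unreachable", str(exc)
```

A result of `untrusted` with the strict context and `UNVERIFIED` with the permissive one against the same server means the certificate is being served but the trust configuration described above is not yet in place.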

