The LDAP - TLS Profile is used to add the Domain Controller root certificate to the SBC.
Command Syntax
To configure ldapTlsProfile
set profiles security ldapTlsProfile <Profile Name> ldapCaCerts <PkiRootCertificateFile Name>
To delete AD Root certificate
delete profiles security ldapTlsProfile defaultLdapTlsProfile ldapCaCerts <Certificate Name>
Command Parameters
The parameters ldapTlsProfile and ldapCaCerts are as shown below:
| Parameter | Length/Range | Default | Description | M/O |
|---|---|---|---|---|
| ldapTlsProfile | N/A | defaultLdapTlsProfile | The name of LDAP-TLS profile | M |
| ldapCaCerts | N/A | N/A | The name of CA certificate referred by LDAP-TLS profile | M |
Command Example
Note
Ensure you perform the following steps before you perform the configuration.
- Load the root certificate to /opt/sonus/external directory by copying the downloaded certificate file or through the EMA.
- Convert the root certificate file into .der file: openssl x509 -inform PEM -in <infile.cer> -outform DER -out <outfile>.der.
- To configure the AD root certificate:
set system security pki certificate PkiCert type remote fileName ldapFirst.der state enabled
- To configure the LdapTlsProfile:
set profiles security ldapTlsProfile defaultLdapTlsProfile ldapCaCerts PkiCert
- To delete the AD root certificate:
delete profiles security ldapTlsProfile defaultLdapTlsProfile ldapCaCerts PkiCert
Overview
Content Tools