The LDAP - TLS Profile is used to add the Domain Controller root certificate to the SBC.

Command Syntax

To configure ldapTlsProfile
set profiles security ldapTlsProfile <Profile Name> ldapCaCerts  <PkiRootCertificateFile Name>
To delete AD Root certificate
delete profiles security ldapTlsProfile defaultLdapTlsProfile ldapCaCerts <Certificate Name>

Command Parameters

The parameters ldapTlsProfile and ldapCaCerts are described below:

ParameterLength/RangeDefaultDescriptionM/O
ldapTlsProfile

N/A

defaultLdapTlsProfile

<profile name> – The name of LDAP-TLS profile.

M
ldapCaCertsN/AN/A<profile name> – The name of CA certificate referred to by the LDAP-TLS profile.M

Command Example

Note

Ensure you perform the following steps before you perform the configuration.

  1. Load the root certificate to /opt/sonus/external directory by copying the downloaded certificate file or through the EMA.
  2. Convert the root certificate file into .der file: openssl x509 -inform PEM -in <infile.cer> -outform DER -out <outfile>.der.
  • To configure the AD root certificate:
set system security pki certificate PkiCert type remote fileName ldapFirst.der state enabled
  • To configure the LdapTlsProfile:
set profiles security ldapTlsProfile defaultLdapTlsProfile ldapCaCerts PkiCert
  • To delete the AD root certificate:
delete profiles security ldapTlsProfile defaultLdapTlsProfile ldapCaCerts PkiCert