Add the LDAPTrustedGlobalCert directive to httpd.conf if the IBM HTTP Server connection to the LDAP server is an SSL connection. The LDAPTrustedGlobalCert directive specifies the directory path and file name of the trusted certificate authority (CA) that mod_ldap uses when establishing an SSL connection to an LDAP server.

Certificates can be stored in a .kdb file or a SAF key ring. If a .kdb file is used, a .sth file must be located in the same directory path and have the same filename, but the extension must be .sth instead of .kdb.

The LDAPTrustedGlobalCert directive must use the CMS_KEYFILE value type. Use this value if the certificates indicated by the LDAPTrustedGlobalCert directive are stored in a .kdb file.
LDAPTrustedGlobalCert CMS_KEYFILE /path/to/keyfile.kdb myKDBpassword
Example when the certificate is stored in a SAF key ring:
LDAPTrustedGlobalCert SAF saf_keyring

Important: The user ID that you use to start IBM HTTP Server must have access to the SAF key ring that you name in this directive. If the user ID does not have access to the SAF key ring, SSL initialization fails.

See Performing required z/OS system configurations for information on accessing SAF key rings defined in RACF®.
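
The following shell function is an added example, not IBM-supplied code. It reads an httpd.conf and checks each LDAPTrustedGlobalCert line against the rules above: for CMS_KEYFILE, that the .kdb file and a same-named .sth file exist in the same directory. The function name check_ldap_trust, the HTTPD_CONF variable and the world-readable permission check are assumptions of this example.

```shell
#!/bin/sh
# Added example (not IBM code): audit LDAPTrustedGlobalCert in an httpd.conf.
# Prints one finding per line; returns 1 if any FAIL was printed, else 0.
check_ldap_trust() {
    conf=$1; status=0; seen=0
    while read -r name type store _rest || [ -n "$name" ]; do
        # Directive names are case-insensitive; commented lines never match.
        lname=$(printf '%s' "$name" | tr '[:upper:]' '[:lower:]')
        if [ "$lname" != "ldaptrustedglobalcert" ]; then continue; fi
        seen=1
        case $type in
        CMS_KEYFILE)
            case $store in
            *.kdb) stash="${store%.kdb}.sth" ;;
            *) echo "FAIL: CMS_KEYFILE path does not end in .kdb: $store"
               status=1; continue ;;
            esac
            for f in "$store" "$stash"; do
                if [ ! -f "$f" ]; then
                    echo "FAIL: missing file: $f"; status=1
                elif [ -n "$(find "$f" -perm -004 -print)" ]; then
                    # Assumption of this example: key files should not be world-readable.
                    echo "FAIL: world-readable: $f"; status=1
                fi
            done ;;
        SAF)
            # Key ring access cannot be checked from the file system.
            echo "NOTE: SAF key ring '$store': confirm the server's start user ID can access it" ;;
        *)
            echo "FAIL: value type not covered by this page: '$type'"; status=1 ;;
        esac
    done < "$conf"
    if [ "$seen" -eq 0 ]; then
        echo "NOTE: no LDAPTrustedGlobalCert directive in $conf"
    fi
    return "$status"
}

# Optional stand-alone use: HTTPD_CONF=/path/to/httpd.conf sh thisfile.sh
if [ -n "${HTTPD_CONF:-}" ]; then check_ldap_trust "$HTTPD_CONF"; fi
```

Run it as the user ID that starts IBM HTTP Server so that the file checks reflect what the server itself can see.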