72 Chapter 3 Using certificates NN46110-600

Installing LDAP certificates

The LDAP connection between the VPN Router and the directory server is authenticated asymmetrically. Initially a one-way authenticated SSL connection is established when the directory server passes its certificate to the VPN Router. After SSL authentication is established, the VPN Router authenticates itself to the directory server by presenting its LDAP bind DN and password.

For the SSL connection to be successful, the VPN Router must trust the issuer of the certificate presented by the directory server during the initial SSL authentication.

To import an LDAP proxy SSL proxy certificate:

1 Select System > Certificates and select Import.
2 Paste the PKCS #7 formatted CA certificate into the input box.
3 Click OK.

To import an LDAP SSL certificate:

1 Select Servers > LDAP.
2 Click Import Secure LDAP (SSL) CA certificate.
3 Paste the PKCS #7 formatted CA certificate into the input box.
4 Click OK.

LDAP special characters

You use the LDAP special character enhancement to create certificate subject DNs containing previously unsupported special characters, such as the comma. This enhancement is compliant with RFC 2253.
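
The comma case described above, as an added example that is not taken from this guide or from the VPN Router software: a Python sketch of RFC 2253 section 2.4 escaping for subject DN values, with a splitter that honours the escapes. The function names and the sample DN are constructed for illustration, and only single-valued RDNs are handled.

```python
import string

SPECIALS = ',+"\\<>;'            # RFC 2253 section 2.4: always escaped
HEX = set(string.hexdigits)

def escape_value(value):
    """Escape one attribute value for use in an RFC 2253 string DN."""
    out, last = [], len(value) - 1
    for i, ch in enumerate(value):
        # A leading space or '#', and a trailing space, must also be escaped.
        edge = (i == 0 and ch in " #") or (i == last and ch == " ")
        out.append("\\" + ch if ch in SPECIALS or edge else ch)
    return "".join(out)

def build_dn(rdns):
    """Join (type, value) pairs, most specific first, into a DN string."""
    return ",".join(f"{attr}={escape_value(val)}" for attr, val in rdns)

def split_dn(dn):
    """Split on unescaped commas; return [(type, unescaped value), ...]."""
    rdns, buf, i = [], bytearray(), 0
    while i <= len(dn):
        ch = dn[i] if i < len(dn) else ","      # sentinel closes the last RDN
        if ch == "\\" and i + 1 < len(dn):
            pair = dn[i + 1:i + 3]
            if len(pair) == 2 and set(pair) <= HEX:
                buf.append(int(pair, 16))        # \HH hex pair (one UTF-8 byte)
                i += 3
            else:
                buf += dn[i + 1].encode("utf-8")  # \, \+ \" and similar
                i += 2
            continue
        if ch == ",":
            attr, _, val = buf.decode("utf-8").partition("=")
            rdns.append((attr.strip(), val))
            buf = bytearray()
        else:
            buf += ch.encode("utf-8")
        i += 1
    return rdns

# Constructed sample subject: the organization name contains a comma.
SAMPLE = [("CN", "vpn-router"), ("O", "Example Corp, Inc."), ("C", "US")]

if __name__ == "__main__":
    dn = build_dn(SAMPLE)
    print(dn)
    print(dn.split(","))   # naive split breaks the O value in two
    print(split_dn(dn))    # escape-aware split recovers three RDNs
```

A subject DN that is split on every comma yields a different set of RDNs than the one the certificate was issued with, which is why any component that compares or matches subject DNs has to apply the same escaping rules.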