Connect to Identity Sources Using LDAPS
By default, Active Directory Domain Services listen on port 389 for unencrypted LDAP requests and on port 636 for LDAP over SSL (LDAPS). Although port 636 is open in the Windows firewall and accepts Transmission Control Protocol (TCP) connections, any directory requests made over this port are rejected if the Domain Controller (DC) did not have a trusted certificate to bind to the LDAPS service during startup.
If you are connecting to your Identity Source securely using LDAPS, you need the SSL certificate from your LDAP directory server when configuring the connection in the Cloud Administration Console. The following are some methods for retrieving the certificate.
Ask your directory server administrator for the certificate chain. When you add your connection to the LDAP directory (following the steps in your Quick Setup Guide), upload this file in the SSL Certificates section.
If you are unable or prefer not to request the SSL certificate from your directory server administrator, you can use OpenSSL to obtain it. Follow these steps:
After you add your identity router (following the steps in your Quick Setup Guide), access SSH on your identity router using the instructions in Access SSH for Identity Router Troubleshooting.
From the identity router command line, query the directory server to obtain the certificate chain using the following command:
openssl s_client -showcerts -connect LDAP.SERVER:636
where LDAP.SERVER is the LDAP directory server that has the full certificate chain loaded on it. (You might have to ask your directory server administrator which directory server to query.) From the output, copy the sections starting from and including the first BEGIN CERTIFICATE line to (and including) the last END CERTIFICATE line. Paste these lines into a local file on your desktop and name the file, for example, ldaps.pem.
When you add your Identity Source connection to the LDAP directory (following the steps in your Quick Setup Guide), upload this file in the SSL Certificates section.
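The copy-and-paste step above is easy to get wrong (a truncated block, stray handshake lines, or only the leaf certificate instead of the chain). The following shell script, added here as an example and not part of the RSA documentation, automates the extraction and adds two checks a practitioner would want before uploading the file: that the PEM file contains more than one certificate, and that the server actually validates against it. The `-servername` option (SNI) and the `dc01.example.com` host name are assumptions; the `sample_s_client_output` function prints constructed text that imitates `openssl s_client -showcerts` output so the parsing can be exercised offline.

```shell
#!/bin/sh
# Example helper for collecting an LDAPS certificate chain with OpenSSL.
# Not RSA's own tooling; written to illustrate the procedure above.

# Print only the PEM certificate blocks from openssl s_client output on stdin,
# from each "BEGIN CERTIFICATE" line through its matching "END CERTIFICATE" line.
# Handshake chatter, "Certificate chain" headers and "---" separators are dropped.
extract_chain() {
    sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p'
}

# Count the PEM certificate blocks on stdin.
count_certs() {
    grep -c -- '-----BEGIN CERTIFICATE-----'
}

# Query a live directory server and write its presented chain to a file.
# Usage: fetch_chain LDAP.SERVER [port] [output file]   (needs network access)
# -servername sends SNI (assumed useful; harmless if the server ignores it);
# </dev/null closes stdin so s_client exits after the handshake.
fetch_chain() {
    host="$1"; port="${2:-636}"; out="${3:-ldaps.pem}"
    openssl s_client -showcerts -connect "$host:$port" -servername "$host" </dev/null 2>/dev/null \
        | extract_chain > "$out"
    n=$(count_certs < "$out") || n=0
    echo "wrote $n certificate(s) to $out"
    # A single block usually means only the leaf was presented; the issuing
    # CA certificate(s) must then be obtained from the directory administrator.
    [ "$n" -gt 1 ] || echo "warning: chain looks incomplete (only $n certificate)" >&2
}

# Check that a server's certificate validates against the saved chain file.
# Expected last line of output: "Verify return code: 0 (ok)".
verify_against_chain() {
    host="$1"; port="${2:-636}"; chain="${3:-ldaps.pem}"
    openssl s_client -connect "$host:$port" -servername "$host" -CAfile "$chain" </dev/null 2>/dev/null \
        | grep 'Verify return code'
}

# Constructed sample imitating openssl s_client -showcerts output (not real certificates).
sample_s_client_output() {
    cat <<'EOF'
CONNECTED(00000003)
depth=1 CN = Example Root CA
verify return:1
---
Certificate chain
 0 s:CN = dc01.example.com
   i:CN = Example Root CA
-----BEGIN CERTIFICATE-----
MIICconstructedLeafCertificateBodyLine1
MIICconstructedLeafCertificateBodyLine2
-----END CERTIFICATE-----
 1 s:CN = Example Root CA
   i:CN = Example Root CA
-----BEGIN CERTIFICATE-----
MIICconstructedRootCertificateBodyLine1
-----END CERTIFICATE-----
---
Server certificate
subject=CN = dc01.example.com
SSL handshake has read 2000 bytes and written 400 bytes
Verify return code: 0 (ok)
EOF
}

# Offline demonstration: parse the constructed sample and report the block count.
sample_s_client_output | extract_chain | count_certs

# Live use (only when LDAP_SERVER is set in the environment):
#   LDAP_SERVER=dc01.example.com sh this_script.sh
if [ -n "${LDAP_SERVER:-}" ]; then
    fetch_chain "$LDAP_SERVER" 636 ldaps.pem
    verify_against_chain "$LDAP_SERVER" 636 ldaps.pem
fi
```

After `fetch_chain` reports more than one certificate and `verify_against_chain` prints `Verify return code: 0 (ok)`, the `ldaps.pem` file is the one to upload in the SSL Certificates section. If the verification step prints any other code, the chain presented by the server is incomplete or the DC's certificate was not issued by a CA in the file, and the connection from the identity router will fail for the same reason.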