1. In the Run box, type mmc and press Enter.
2. In the MMC interface, select File > Add/remove snap-in.
3. Select Certificates from the list of available snap-ins and add it.  At the prompt select Computer Account  then click Next and Finish. 
4. On the left pane, expand Certificates and select Personal > Certificates.
5. Right-click on the certificate that has the hostname of the server with the longest Expiration Date.
6. Click Export and select No, Do not export private key.
   Select DER encoded binary  x509 (.CER) and click Next.
7. Browse for the destination where the certificate will be exported and name it,  For example, ldapserver.
8. Click Next and Finish.
9. Move the exported certificate to the root folder on the C:\ drive of your RSA DLP Enterprise Manager server.

1. In the Run box, type cmd.  When the program displays, right click and choose Run as administrator.
2. Navigate to C:\Program Files\Java\jre1.7.0_25\lib\security.
3. Run the following command:

"C:\Program Files\Java\jre1.7.0_25\bin\keytool.exe" -import -file C:\<certname>.cer -keystore cacerts -storepass changeit

1. Using the command below, verify that the LDAP certificate has been added to keystore:

C:\Program Files\Java\jre1.7.0_25\bin>keytool -list -keystore "C:\Program Files\Java\jre1.7.0_25\lib\security\cacerts" -storepass changeit -v > C:\dumpcerts.txt

1. Using a text editor, open the dumpcert.txt file.  The certificate should be listed in the file.
2. In the EM GUI go to > Settings > LDAP Configuration > port = 636 then check the Encrypted box.