- An Enterprise PKI (EPKI) Agreement. The article Enterprise PKI (EPKI) Agreement Setup provides instructions for this.
Create LDAP Setting
- Log in to your SSL.com account and click the LDAP tab on the top menu, followed by the + Create LDAP Setting button.
- Configure LDAP Sync. Fill out the required fields to implement the LDAP integration. Afterwards, click the Save button followed by the Test Connection button.
- IP or Host – This is where the SSL.com system will connect when querying your LDAP Directory.
- Port – Specify which port is to be used at the provided IP.
- Base DN – A User Base DN is the point from which a server searches for users. An LDAP search for the user admin will start at the provided User Base DN (example: ‘dc=sslcom,dc=link’).
- Username – In order to query for Active Directory Groups, we will need credentials. This profile must be in the provided User Base DN.
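The fields above can be sanity-checked before they are saved. The following is an added example, not SSL.com's code: it checks that the account used for the Username field sits inside the Base DN by comparing DN components rather than raw strings, so escaped commas, case and spacing do not give a wrong answer. It assumes the account is written as a full DN; the function names, host name and account DNs are constructed for illustration.

```python
def split_dn(dn):
    """Split a DN into normalised (attribute, value) RDNs.
    Backslash-escaped commas stay inside the value. Assumption: values
    compare case-insensitively (true for dc, ou and cn); quoted values
    are not handled."""
    rdns, cur, i = [], "", 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur += dn[i:i + 2]          # keep the escape pair intact
            i += 2
            continue
        if dn[i] == ",":
            rdns.append(cur)
            cur = ""
        else:
            cur += dn[i]
        i += 1
    rdns.append(cur)
    out = []
    for rdn in rdns:
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError(f"malformed RDN: {rdn!r}")
        out.append((attr.strip().lower(), value.strip().lower()))
    return out

def is_under(bind_dn, base_dn):
    """True when bind_dn is an entry below base_dn in the directory tree."""
    bind, base = split_dn(bind_dn), split_dn(base_dn)
    return len(bind) > len(base) and bind[-len(base):] == base

def check_settings(host, port, base_dn, bind_dn):
    """Return a list of problems with the four form fields (empty = OK)."""
    problems = []
    if not host.strip():
        problems.append("IP or Host is empty")
    if not 1 <= port <= 65535:
        problems.append(f"Port {port} is outside 1-65535")
    try:
        if not is_under(bind_dn, base_dn):
            problems.append("Username DN is not inside the Base DN")
    except ValueError as exc:
        problems.append(str(exc))
    return problems

if __name__ == "__main__":
    # Constructed sample values; only the Base DN comes from the page.
    print(check_settings("ldap.example.test", 636, "dc=sslcom,dc=link",
                         "cn=ldap-reader,ou=Service Accounts,dc=sslcom,dc=link"))
```
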
Use LDAP for Issuance of S/MIME Certificates
- Once the settings are created, the page will look like the following. Click import users to import the users from the LDAP connection into SSL.com’s system.
- Click List Users to load the imported users.
- Under the Status column, you will see enrolled, processing, or pending.
- enrolled – This means the certificate has been created in SSL.com and added to LDAP.
- processing – This means the certificate order has been created but not validated and the certificate has not been generated.
- pending – This means the user has not yet requested any certificate enrollment.
- For users assigned to pending status, there is a checkbox to select the user and enroll an S/MIME certificate order.
- Each user will be assigned a new certificate order from here. The process will then proceed to order validation and certificate issuance.
- After successful issuance of the certificate, it can be added to LDAP users or replace their existing certificate.