How to use a Certificate authentication to connect to a ONTAP 8.3 Cluster in Posh?

Similar Messages

• Need help on how to use conference facility within adobe connect

  I need some help on how to use conference facility within adobe connect?

  I'd recommend you start here: Getting Started with Adobe Connect - Adobe Connect User Community

• How to use labview with gpib to connect with Agilent PNA E8362B ?i am newbie ..just started to work on labview about a fortnite bck and a novice in interfacing skill ..so plzzzzz explain me in a litle detail

  how to use labview with gpib to connect with Agilent PNA E8362B ?i am newbie ..just started to work on labview about a fortnite bck and +i am a novice in interfacing(networking... jst know tidbits) skill ..so plzzzzz explain me in a litle detail

  Sir
  We were able to solve that problem...but now could you advice as to which DC power supply we should use (preferably avalable in India) so that it can be controlled by Labview (through a gpib/rs232/any other port) to give a square wave of desired frequency/other parameters.
  Regards
  Shivam

• How to use labview with gpib to connect with Agilent PNA E8362B ?

  how to use labview with gpib to connect with Agilent PNA E8362B ?i am newbie ..just started to work on labview about a fortnite bck and +i am a novice in interfacing(networking... jst know tidbits) skill ..so plzzzzz explain me in a litle detail

  Duplicate Post.

• How to use the iphone 5 s connect the computer?I want copy photo from computer.

  how to use the iphone 5 s connect the computer?I want copy photo from computer.Who can teach me~thank^^

  You can move a photo from the computer to the phone using any of the following:
  iTunes sync: http://support.apple.com/kb/HT4236
  Photo Stream: http://support.apple.com/kb/HT4486
  3rd party apps such as: http://www.photosync-app.com

• How to use CLIENT-CERT authentication?

  Hi,
  I would like to know how to use client authentication.
  I used a web application with CLIENT-CERT authentication.
  And I accessed to the application from browser, then I had the following error
  message:
  Incorrect or missing client certificate.
  I used OpenSSL to generate keys.
  Could you tell me the information of the setting?
  Especially, I don't know theentry of CertAuthenticator.
  Could you tell me?
  Regards,
  Kuniaki Hagiwara - HP Japan

  Thank you for your response.
  Yes we have added the client certificate file (.pfx) in the Firefox browser Certificate manager / Store. It's also showing the certificate in the View Certificate window. We could not resolve it yet.

• How would i setup certificate authenticated activesync on a windows phone 8 device? Without intune or sccm?

  I've searched all over for this and can find no clues in the interface.
  We have certificate authentication to activesync, via tmg working well for IOS devices and android, we issue the user a certificate, they use it to authenticate, boom no problems.
  We're considering a move to issuing windows phone 8 devices as well, yet i see no way, or instructions on how to actually set these things up to authenticate with a certificate? I see some rumblings about airwatch and sccm with intune, but i don't want to
  pay for a subscription just to use this when it works fine without on other platforms.
  Can anyone shed any light?
  Many thanks,
  Jim

  Hi - we're authenticating with internally issued certificates against a TMG listener, not sure if that is or isn't mutual certification - I have installed the root on the devices so they are trusted, works great with ios, android etc.
  The main issue is there is no place in the setup where you can specify the certificate to use, i have a feeling they (like blackberry) are railroading you into using a paid for mdm solution for cert auth. Be delighted if that isn't the case tho. It is easy
  enough to do this for WP8 with SCCM and InTune but i'm not keen on taking out a subscription just for WP8 devices when we can do it gratis with ios and android.
  Thanks for the reply.
  Jim

• How to use SSL certificates in OSX Server

  I have setup OSX server with a host name that is pointed properly to my OSX server. My question is about using certificates that were purchased through my domain registrar.
  I bought a cert and after the validation process, I was given a link to download 4 certificate files.
  AddTrustExternalCARoot.crt
  DV_NetworkSolutionsDVServerCA2.crt
  DV_USERTrustRSACertificationAuthority.crt
  [domain name].crt
  So after downloading these and opening them one by one, I installed them in the keychain as a system cert.
  The part I cant figure out is how to use the domain cert instead of the one that the server creates upon completion of setup (the self signed one).
  On the certificate selection in the sidebar, I can choose Import a certificate identity, but when I drag my domain cert into the box, it shows up as a non-identity cert and the Import button is still grayed out. I dragged all four certs there and all of them show as non-identity certs.
  If I go down the path of the Get a Trusted Certificate, it takes me through the CSR request which I dont think I need since i have my certificates already.
  Am I missing a step? Or do I need to export from the keychain, then import into the server application? Seems like the new certificates should show up in the server application. Any help would be greatly appreciated.

  I got the answer and wanted to post for anyone that happened to have this question.
  During the SSL cert setup, it asks where your domain is hosted and since it was hosted by Network Solutions, I chose that option which doesnt do the CSR request. I had to choose Other/VPS.
  Once I did that, I was able to generate a CSR in the server application and get my certificate issued again by pasting the request code on my registrars website. Once I received those certs, I dragged my domain cert into the Pending one listed in the certificate list.
  Also I chose Apache/ModSSL as the type of server. Hope that helps and new people like myself in setting up the server application.

• How do I get certificate authentication working across multiple domains?

  Hi,
  I've got LC ES2 set up for certificate authentication and when there's only one domain (with a single certificate mapping set up), it works fine.
  However would like to have multiple domains (application specific), with a small set of administrator type users who manage all of the domains.
  To test, I've set up two domains, with the admin users in one and the normal users in the other.
  I've set up two certificate mapping rules (both for the same CA), one for each domain.
  However LC will only authenticate users who are matched using the first certificate mapping rule.
  Has anyone else seen/tried this?  Have I missed something obvious?
  For the moment I'm going to have to work with a single domain, which is a pain, but will have to do for now.
  Thanks
  Craig
  Here's the error I get when LC fails to match (or attempt to match?) on the second cert mapping rule:
  2010-05-11 11:23:41,331 WARN  [com.adobe.idp.um.businesslogic.authentication.AuthenticationManagerBean] Authentication failed for  (Scheme - Certficate) Reason: Certificate Authentication failed since no user exists in the system that satisfies the certificate mapping . Refer to debug level logs for category com.adobe.idp.um.businesslogic.authentication for further details
  2010-05-11 11:36:38,835 WARN  [com.adobe.idp.um.businesslogic.authentication.AuthenticationManagerBean] Authentication failed for  (Scheme - Certficate) Reason: Certificate Authentication failed since no user exists in the system that satisfies the certificate mapping . Refer to debug level logs for category com.adobe.idp.um.businesslogic.authentication for further details
  2010-05-11 11:36:38,885 ERROR [STDERR] 11/05/2010 11:36:38 AM com.adobe.rightsmanagement.webservices.rest.RestServlet doAction
  SEVERE: Unexpected exception in Rest Call
  com.adobe.idp.um.api.UMException| [com.adobe.idp.um.api.impl.AuthenticationManagerImpl] errorCode:16423 errorCodeHEX:0x4027 message:Authentication failed for  (Scheme - Certficate) Reason: Certificate Authentication failed since no user exists in the system that satisfies the certificate mappingcom.adobe.idp.common.errors.exception.IDPException| [com.adobe.idp.um.businesslogic.authentication.AuthenticationManagerBean] errorCode:12805 errorCodeHEX:0x3205 message:Authentication failed for  (Scheme - Certficate) Reason: Certificate Authentication failed since no user exists in the system that satisfies the certificate mapping
  at com.adobe.idp.um.api.impl.ManagerImpl.handleException(ManagerImpl.java:251)
  at com.adobe.idp.um.api.impl.ManagerImpl.handleException(ManagerImpl.java:194)
  at com.adobe.idp.um.api.impl.AuthenticationManagerImpl.authenticate(AuthenticationManagerImp l.java:338)
  at com.adobe.idp.um.api.impl.AuthenticationManagerImpl.authenticate(AuthenticationManagerImp l.java:154)
  at com.adobe.idp.um.api.impl.AuthenticationManagerImpl.authenticate(AuthenticationManagerImp l.java:162)
  at com.adobe.idp.um.dsc.util.dscservice.UserManagerUtilServiceImpl.authenticateWithWSHeaderE lement(UserManagerUtilServiceImpl.java:173)
  at sun.reflect.GeneratedMethodAccessor1065.invoke(Unknown Source)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
  at java.lang.reflect.Method.invoke(Unknown Source)
  at com.adobe.idp.dsc.component.impl.DefaultPOJOInvokerImpl.invoke(DefaultPOJOInvokerImpl.jav a:118)
  at com.adobe.idp.dsc.interceptor.impl.InvocationInterceptor.intercept(InvocationInterceptor. java:140)
  at com.adobe.idp.dsc.interceptor.impl.RequestInterceptorChainImpl.proceed(RequestInterceptor ChainImpl.java:60)
  at com.adobe.idp.dsc.interceptor.impl.DocumentPassivationInterceptor.intercept(DocumentPassi vationInterceptor.java:53)
  at com.adobe.idp.dsc.interceptor.impl.RequestInterceptorChainImpl.proceed(RequestInterceptor ChainImpl.java:60)
  at com.adobe.idp.dsc.transaction.interceptor.TransactionInterceptor$1.doInTransaction(Transa ctionInterceptor.java:74)
  at com.adobe.idp.dsc.transaction.impl.ejb.adapter.EjbTransactionBMTAdapterBean.doRequiresNew (EjbTransactionBMTAdapterBean.java:218)
  at sun.reflect.GeneratedMethodAccessor363.invoke(Unknown Source)
  at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
  at java.lang.reflect.Method.invoke(Unknown Source)
  at org.jboss.invocation.Invocation.performCall(Invocation.java:359)
  at org.jboss.ejb.StatelessSessionContainer$ContainerInterceptor.invoke(StatelessSessionConta iner.java:237)
  at org.jboss.resource.connectionmanager.CachedConnectionInterceptor.invoke(CachedConnectionI nterceptor.java:158)
  at org.jboss.ejb.plugins.CallValidationInterceptor.invoke(CallValidationInterceptor.java:63)
  at org.jboss.ejb.plugins.AbstractTxInterceptor.invokeNext(AbstractTxInterceptor.java:121)
  at org.jboss.ejb.plugins.AbstractTxInterceptorBMT.invokeNext(AbstractTxInterceptorBMT.java:1 73)
  at org.jboss.ejb.plugins.TxInterceptorBMT.invoke(TxInterceptorBMT.java:77)
  at org.jboss.ejb.plugins.StatelessSessionInstanceInterceptor.invoke(StatelessSessionInstance Interceptor.java:169)
  at org.jboss.ejb.plugins.SecurityInterceptor.invoke(SecurityInterceptor.java:168)
  at org.jboss.ejb.plugins.LogInterceptor.invoke(LogInterceptor.java:205)
  at org.jboss.ejb.plugins.ProxyFactoryFinderInterceptor.invoke(ProxyFactoryFinderInterceptor. java:138)
  at org.jboss.ejb.SessionContainer.internalInvoke(SessionContainer.java:648)
  at org.jboss.ejb.Container.invoke(Container.java:960)
  at org.jboss.ejb.plugins.local.BaseLocalProxyFactory.invoke(BaseLocalProxyFactory.java:430)
  at org.jboss.ejb.plugins.local.StatelessSessionProxy.invoke(StatelessSessionProxy.java:103)
  at $Proxy179.doRequiresNew(Unknown Source)
  at com.adobe.idp.dsc.transaction.impl.ejb.EjbTransactionProvider.execute(EjbTransactionProvi der.java:145)
  at com.adobe.idp.dsc.transaction.interceptor.TransactionInterceptor.intercept(TransactionInt erceptor.java:72)
  at com.adobe.idp.dsc.interceptor.impl.RequestInterceptorChainImpl.proceed(RequestInterceptor ChainImpl.java:60)
  at com.adobe.idp.dsc.interceptor.impl.InvocationStrategyInterceptor.intercept(InvocationStra tegyInterceptor.java:55)
  at com.adobe.idp.dsc.interceptor.impl.RequestInterceptorChainImpl.proceed(RequestInterceptor ChainImpl.java:60)
  at com.adobe.idp.dsc.interceptor.impl.InvalidStateInterceptor.intercept(InvalidStateIntercep tor.java:37)
  at com.adobe.idp.dsc.interceptor.impl.RequestInterceptorChainImpl.proceed(RequestInterceptor ChainImpl.java:60)
  at com.adobe.idp.dsc.interceptor.impl.AuthorizationInterceptor.intercept(AuthorizationInterc eptor.java:165)
  at com.adobe.idp.dsc.interceptor.impl.RequestInterceptorChainImpl.proceed(RequestInterceptor ChainImpl.java:60)
  at com.adobe.idp.dsc.interceptor.impl.JMXInterceptor.intercept(JMXInterceptor.java:48)
  at com.adobe.idp.dsc.interceptor.impl.RequestInterceptorChainImpl.proceed(RequestInterceptor ChainImpl.java:60)
  at com.adobe.idp.dsc.engine.impl.ServiceEngineImpl.invoke(ServiceEngineImpl.java:121)
  at com.adobe.idp.dsc.routing.Router.routeRequest(Router.java:129)
  at com.adobe.idp.dsc.provider.impl.base.AbstractMessageReceiver.routeMessage(AbstractMessage Receiver.java:93)
  at com.adobe.idp.dsc.provider.impl.vm.VMMessageDispatcher.doSend(VMMessageDispatcher.java:22 5)
  at com.adobe.idp.dsc.provider.impl.base.AbstractMessageDispatcher.send(AbstractMessageDispat cher.java:66)
  at com.adobe.idp.dsc.clientsdk.ServiceClient.invoke(ServiceClient.java:208)
  at com.adobe.idp.um.dsc.util.client.UserManagerUtilServiceClient.authenticate(UserManagerUti lServiceClient.java:210)
  at com.adobe.edc.server.platform.UMHelper.authenticate(UMHelper.java:549)
  at com.adobe.rightsmanagement.webservices.rest.RestFacade.validateClientAuthenticationHeader (RestFacade.java:161)
  at com.adobe.rightsmanagement.webservices.rest.RestFacade.getBusinessHandler(RestFacade.java :206)
  at com.adobe.rightsmanagement.webservices.rest.RestFacade.getAuthenticationToken(RestFacade. java:226)
  at com.adobe.rightsmanagement.webservices.rest.RestDefaultRequestHandler.handleRequest(RestD efaultRequestHandler.java:29)
  at com.adobe.rightsmanagement.webservices.rest.RestSecureRequestHandler.handleRequest(RestSe cureRequestHandler.java:13)
  at com.adobe.rightsmanagement.webservices.rest.RestRequestRouter.routeRequest(RestRequestRou ter.java:10)
  at com.adobe.rightsmanagement.webservices.rest.RestServlet.doAction(RestServlet.java:50)
  at com.adobe.rightsmanagement.webservices.rest.RestServlet.doGet(RestServlet.java:37)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:690)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:803)
  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.j ava:290)
  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
  at org.jboss.web.tomcat.filters.ReplyHeaderFilter.doFilter(ReplyHeaderFilter.java:96)
  at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.j ava:235)
  at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
  at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:230)
  at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:175)
  at org.jboss.web.tomcat.security.SecurityAssociationValve.invoke(SecurityAssociationValve.ja va:179)
  at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:84)
  at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:128)
  at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:104)
  at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java: 157)
  at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
  at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:241)
  a
  2010-05-11 11:36:38,886 ERROR [STDERR] t org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:844)
  at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.ja va:580)
  at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:447)
  at java.lang.Thread.run(Unknown Source)

  Craig,
  The certificate mapping works in the following manner,
  First the User's certificate is validated.
  If the certificate is valid, the related Certificate mapping information is fetched.
  From the Certificate Mapping information, the domain is determined.
  Following this, the user is searched in the domain and checked for it's current/deleted status.
  If user exists or is a valid one, then return an AuthResult corresponding to that is returned to the client.
  The error log below says, "Certificate Authentication failed since no user exists in the system that satisfies the certificate mapping"
  1. Please check if the concerned user exists in the domain registered in the second cert mapping.
  2. Also check if the concerned user satisfies the attribute mapping specified in the second cert mapping.
  3. Could you confirm whether the admin Users and the normal users are distinct in both the domains and not duplicate in any of them??
     Because if same user exists in 2 domains, then there is no way to find out which domain you are referring to. In that case the first domain which declares the user as valid will return the AuthResult.
  4. You are using LC ES2, so there is a Test Certificate utlity on the same Certificate Mapping page, which can help you confirm the validity of the user's certificate and then you can proceed.

• Yoga2 Pro - how to use tablet as a projector connected with TV decoder via hdmi cable?

  Hi, My TV is broken and I would like to use my tablet as projector connected via HDMI cable from TV decoder to my tablet. What should I do? How to configure and which apllication I should use?

  You will need to choose the correct (Input) on the TV for the MacBook.....say your cable box is set to HDMI !.....and your MacBook is on HDMI 2.....you will need to select HDMI 2 from the TV's menu for the signal from the MacBook to show on the TV screen.......the selection choices are examples as I do not know exactly how you have things connected......

• How to use Chained Certificates from CA (Thawte) ?

  Hi,
  I have an application which does the communication over secured channel to another site(Say www.XYZ.com) over internet, for this xyz.com has given a certificate which is used for secured communication. Till the time certificate was self signed certificate i did not have any problem. I use to import certificate in trusted store and use it with the help of JSSE.
  Now the problem is xyz.com has given a new certificate, which is chained and issued by Thawte. Now as i understand JDK Does not come with thawte as trusted CA. so we need to add the same in the keystore. The problem i am facing is how do the chain certificates work under JAVA i.e. how the chain of certificates is created in keystore file. When i import CA's self signed certificate as documented in keytool tools documentation this completes without problem. In the documentation theres is a mention regarding importing "Certificate Reply from the CA" but there is no mention about how to import a certificate given by 3rd Party i.e. xyz.com in our case. Is "Certificate Reply from the CA" and certificate from 3rd party the same. or there is some specific way in which we have to do the import to keystore?
  Thanks in advance
  Sachin

  Thank you for taking time to reply, but this is solved now. You are right, need to import all the certificates. So what is did is exported all the certificates which were in chain from IE. Then starting from Root's self signed certificate imported all of them one by one into keystore and then provided this keystore while communication and it works
  Thanks once again
  Sachin

• How to handle Client Certificate authentication using URLRequest/URLLoader

  Hi All,
  I developed an AIR Application which communicates with a server. Protocol used for communication is HTTPS, and server has a valid certificate.
  So whenever AIR App, communicates with the server, a dialogue box prompts to select the client certificate just as show below.
  So here what I am looking at is, Any method is available to prevent this prompt.
  I have already tried the method of Enabling "Dont Prompt for client certificate selection when only one certificate exists", Of course this method will work only if multiple certificate exists, so what if multiple certificate exists.
  How an air application can handle that?
  So any one find any way to handle this. I am using URLRequest for commnicating with server.
  Here is the code snippet I have used.
  var request:URLRequest = new URLRequest(url);
  request.method = URLRequestMethod.GET;
  var urlLoader:URLLoader = new URLLoader();
  urlLoader.dataFormat = URLLoaderDataFormat.TEXT;
  urlLoader.addEventListener(Event.COMPLETE, loaderCompleteHandler)
  urlLoader.addEventListener(Event.OPEN, openHandler);
  urlLoader.addEventListener(HTTPStatusEvent.HTTP_STATUS, httpStatusHandler);
  urlLoader.addEventListener(SecurityErrorEvent.SECURITY_ERROR, securityErrorHandler);
  urlLoader.addEventListener(IOErrorEvent.IO_ERROR, ioErrorHandler);//, false, 0, true);
  Please help me...
  Thanks
  Sanal

  Yes it is possible. Refer
  Using Certificates for Authentication [http://docs.sun.com/app/docs/doc/820-7985/ginbp?l=en&a=view]
  SSL Authentication section in [http://docs.sun.com/app/docs/doc/820-7985/gdesn?l=en&a=view]
  client-auth element in server.xml [http://docs.sun.com/app/docs/doc/820-7986/gaifo?l=en&a=view]
  certmap.conf [http://docs.sun.com/app/docs/doc/820-7986/abump?l=en&a=view]
  certmap.conf should have verifycert "on", and lets say this certmap is called "cmverify" :
  certmap cmverify    default
  cmverify:DNComps
  cmverify:FilterComps    uid
  cmverify:verifycert onIn serve.xml we should have <client-auth> "required" and lets say we have an auth-db named "ldapregular":
  <http-listener>...
    <ssl>...
      <client-auth>required</client-auth>
    </ssl>
  </http-listener>
  <auth-db>
    <name>ldapregular</name><url>ldap://myldap:369/o%3DTestCentral</url>
    <property><name>binddn</name><value>cn=Directory Manager</value></property>
    <property><name>bindpw</name><value...</value><encoded/></property>
  </auth-db>In ACL file we should have method = "ssl", database = "ldapregular" and certmap = "cmverify" :# clientauth against LDAP database with special certmap which has verifyCert on
  acl "uri=/";
  authenticate (user,group) {
      prompt = "Enterprise Server";
      method = "ssl";
      database = "ldapregular";
      certmap = "cmverify";
  deny (all) user = "anyone";
  allow (all) user = "alpha,beta,gamma";

• How to use digital certificate for client authentication in PCK

  My sap jca adapter need support digital certificate on client authentication. how to implement it in j2ee or pck?
  Message was edited by: Spring Tang

  refer the following links
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/092dddc6-0701-0010-268e-fd61f2035fdd
  https://www.sdn.sap.com/irj/servlet/prt/portal/prtroot/docs/library/uuid/b2a56861-0601-0010-bba1-e37eb5d8d4a9
  please let me know if u dont find relevant information

• How to use security certificate with Business service

  Hi,
  Information:
  I need to use a security certificate for connection from Business service to legacy system.
  I have created PKI mapper in WebLogic console, deployed keystore on server and Service Key Provider in OSB.
  I can see can connect the certificate in OSB console through the Service Key Provider.
  I have done Authentication setting in the Business service "HTTP Transport Configuration" as "Client Certificate".
  Problem:
  Now whenever I try to invoke BS, the username, password and security key provider is asked at the prompt. Should not the BS collect security certificate automatically? Again,
  when i put username and password as that of WebLogic sbconsole; the error pops up with following message :
  <env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">
       <env:Header />
       <env:Body>
            <env:Fault>
                 <faultcode>env:Server</faultcode>
                 <faultstring>Failed to process signature.null</faultstring>
            </env:Fault>
       </env:Body>
  </env:Envelope>
  If I don't supply username password and certificate at the time of invoking the message pops up as : "The service requires a digital signature, you must specify a service key provider which has a digital signature credential."
  I think some mistake is done in the above steps, could anybody please clarify?

  The problem was resolved with upgrade to version 10.1.3.4.

• How to use one certificate for two directory servers?

  Hi,
  running Sun DSEE 6.3.1 on two servers, server 1 has name ds1.example.com, server 2 has name ds2.example.com. There is a round robin DNS record ds.example.com, which alternates between:
  ds1.example.com
  ds2.example.com
  and
  ds2.example.com
  ds1.example.com
  An LDAP client connects to one of the servers over SSL using the name ds.example.com. We want to generate a certificate using the name ds.example.com and use it on both directory servers.
  If we generate a CSR using DSCC on server 1 and get back a signed certificate, the certificate can be installed correctly on server 1. However, if we use the same signed certificate on server 2 it fails with error:
  Unable to find private key for this certificate.
  Failed to add the certificate.
  Error executing the operation. The error code is 11.
  What is the correct way to generate one CSR, have it signed by a CA and then implement this signed certificate on multiple servers?
  /rolf

  From one Directory Server (ds1) generate CSR with the name ds.example.com in the request. Once you get the signed cert import it into the same server you generated CSR with. Then from ds1.example.com :
  scp -p <slapd install/instance path>/alias/* <account>@ds2.example.com:<slapd install/instance path>/alias/
  to copy the contents of the alias path to the same location on the other Directory Server. Make sure file permissions are the same.