Which certificate type do you need to configure the vault for LDAP over SSL?
Which certificate type do you need to configure the vault for LDAP over SSL?
To configure the vault for LDAP over SSL, you need the CA Certificate that signed the certificate used by the External Directory. This is because the Vault needs to validate and trust the certificate presented by the LDAP server, and importing the CA Certificate that signed the LDAP server's certificate is the proper way to establish this trust.
the answer is A https://docs.cyberark.com/PAS/12.6/en/Content/PAS%20INST/Configuring-Transparent-User-Management.htm
the answer is A "On the Vault machine, import the CA Certificate that signed the certificate used by the External Directory into the Windows certificate store to facilitate an SSL connection between the Vault and the External Directory (recommended)." Source: CyberArk Documentation
Is correct as this is local between the AD and the Vault
The Vault application must validate the LDAPS certificate, so it needs to accept the CA certificate as a trusted issuer.
Configure LDAP over SSL connections (recommended): On the Vault machine, import the CA Certificate that signed the certificate used by the External Directory into the Windows certificate store to facilitate an SSL connection between the Vault and the External Directory (recommended). ADAC
A is the correct answer