[Archive] [SBR] How to create or generate 'cert7.db' and 'key3.db' files to enable LDAPS



Article ID: KB23256 | KB Last Updated: 20 Dec 2019 | Version: 5.0
This article describes how to create the cert7.db and key3.db files needed to enable LDAPS. These files are generated from the LDAP server's root certificate and are required to activate LDAPS on SBR.
How to create or generate the cert7.db and key3.db files to enable LDAPS.
Installing an Enterprise Certificate Authority on a Windows 2000/2003/2008 Domain Controller:

When the process is complete, all Domain Controllers in the forest will automatically enroll for and install the appropriate certificate. By default, LDAPS will be enabled on the Domain Controllers and can be accessed via SSL port 636.


On the Active Directory server, open the MMC snap-in to export the Trusted Root certificate, which is used by Active Directory. Add the snap-in for Certificates/Local Machine.

In the Trusted Root Certification Authority folder, you should see the machine’s root certificate; this is the Enterprise Certificate Authority's root certificate. Right-click it and select All Tasks > Export. Accept all the default options to save the file.
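Because the exported file becomes a trust anchor for SBR, it is worth confirming that the copy you import has the same thumbprint as the certificate shown on the Active Directory server (Details tab, Thumbprint field). The following is an added example, not part of the original article or of any Juniper tooling; the function names and the constructed sample bytes are assumptions made for illustration. It accepts a .cer file in either DER or Base-64 encoding, rejects truncated files, and compares the thumbprint.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

# Constructed stand-in (a tiny ASN.1 SEQUENCE, not a real certificate) so the
# example runs without the exported file; use open(path, "rb").read() instead.
SAMPLE_DER = bytes([0x30, 0x03, 0x02, 0x01, 0x01])
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.b64encode(SAMPLE_DER)
              + b"\n-----END CERTIFICATE-----\n")


def cert_to_der(data: bytes) -> bytes:
    """Return DER bytes from a .cer file that is DER or Base-64 (PEM) encoded."""
    match = PEM_RE.search(data)
    der = base64.b64decode(match.group(1)) if match else data
    # A DER certificate is a single ASN.1 SEQUENCE (tag 0x30) filling the file.
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER or PEM encoded certificate")
    if der[1] < 0x80:                        # short-form length
        header, body = 2, der[1]
    else:                                    # long-form length
        n = der[1] & 0x7F
        if n == 0 or len(der) < 2 + n:
            raise ValueError("invalid ASN.1 length")
        header, body = 2 + n, int.from_bytes(der[2:2 + n], "big")
    if header + body != len(der):
        raise ValueError("truncated or padded certificate file")
    return der


def thumbprint(data: bytes, algo: str = "sha1") -> str:
    """Hash of the DER encoding, as shown in the Windows Thumbprint field."""
    return hashlib.new(algo, cert_to_der(data)).hexdigest().upper()


def matches_expected(data: bytes, expected: str) -> bool:
    """Compare with a thumbprint copied by hand; spaces and colons are ignored."""
    wanted = re.sub(r"[^0-9A-Fa-f]", "", expected).upper()
    algo = {40: "sha1", 64: "sha256"}.get(len(wanted))
    return algo is not None and thumbprint(data, algo) == wanted


if __name__ == "__main__":
    print("SHA-1 thumbprint of sample:", thumbprint(SAMPLE_PEM))
```

A mismatch, or a `ValueError`, means the file is not the certificate you inspected on the server and should not be imported.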

Now that the server certificate from Active Directory is exported, you must import it by using an older version of Netscape (4.73 or earlier).
  1. Open Netscape Navigator and go to File > Open Page.

  2. Select the required certificate.

    Note: The certificate should be in the .cer format. To change it, rename the certificate with the .cer extension.

  3. On the subsequent windows, click Next.

  4. In the Name field, type the short name of the certificate as required and click Finish.

  5. The cert7.db and key3.db files can be found in C:\Program Files\Netscape\Users\default.

  6. Copy the two files, save them in another location on the C drive (for example: c:/cert), and specify the location path in ldapauth.aut.

  7. Create a new section - Certificates under the [setting] section in the ldapauth.aut file and provide the location path of the files.
Modification History:
2019-12-20: Archived article.