Use self-signed or privately-signed certificate with LDAP
If you configure your LDAP integration to connect to your server using SSL, you may need to import your server's certificate into a new truststore to be used by the Contrast JRE.
To begin, acquire the server's certificate from your administrators in PKCS#12 format. If you're using a self-signed certificate, this is the actual LDAP server's certificate. If you have a private certificate (CA), you need the CA certificate for that server.
Once you have the certificate for the server, import it into the truststore used by the JRE running Contrast. Run the following command as an administrator from a command shell in the directory where Contrast is installed.
$ jre/bin/keytool -import -file <path to certificate> -alias <hostname> \-keystore <ts install>/jre/lib/security/cacerts
You should now restart the Contrast server service, and verify that queries against LDAP now use SSL.