Submit a ticketCall us

Webinar: Web Help Desk for HR, Facilities and Accounting Departments
This webinar will focus on use cases for HR, Facilities and Accounting.

Having a unified ticketing and asset management system for all the departments in your company can provide end-users with a seamless experience and make things easier for your IT team. Yet, with different business tasks and objectives, many departments don’t fully understand the capabilities of Web Help Desk and how the software can be customized for effective use in their departments.
Register Now.

Home > Success Center > Database Performance Analyzer (DPA) > Import certificates to DPA for directory service integration

Import certificates to DPA for directory service integration

Created by Anthony.Rinaldi_ret, last modified by Anthony.Rinaldi_ret on Feb 01, 2017

Views: 178 Votes: 0 Revisions: 4

Updated July 5, 2016


You can configure DPA with your company's directory service by clicking Options > Administration > Configure AD/LDAP.

If you configure DPA to communicate over SSL with the AD/LDAP server, and the certificate provided by the server is not trusted by DPA, the configuration wizard offers to import the root certificate authority (CA) certificate or the server certificate as trusted:

  • Root CA certificate is the trust anchor of the trust chain provided by a server. If you import the root CA certificate as trusted, all server certificates whose trust chain is rooted at the root CA certificate will be trusted.
  • Server certificate is a certificate of the AD/LDAP server DPA is connecting to. The certificate may be self-signed or at the bottom of a trust chain that consists of multiple certificates.

Import the root CA certificate if you have multiple AD/LDAP servers in your domain, and DPA is configured to connect to the domain, rather than to a specific server. If you import the server certificate in this scenario, DPA can only establish SSL connections with one of your LDAP servers. Subsequent logins to DPA with LDAP accounts may seem to intermittently fail.


  • DPA 10.2 and later


Obtain the root CA certificate

DPA attempts to resolve the root CA certificate by analyzing certificates provided in the SSL handshake with the AD/LDAP server. If the root CA certificate is not present, DPA issues an LDAP query to the LDAP server using the credentials specified in the wizard. The query searches for objects with the CACertificate attribute.

You can configure the query parameters with the following properties in the <DPA_dir>/iwc/tomcat/webapps/iwc/WEB-INF/classes/properties/ file:


You must restart DPA for the new property values to take effect.

Import the certificates manually

You can import certificates manually into the custom DPA trust store. See these articles for more information:





Last modified
14:10, 1 Feb 2017