Submit a ticketCall us

WebinarVisual Monitoring Tactics: Getting More Log Search Value from SolarWinds Log & Event Manager with nDepth Webcast

Do things seem to make more sense when they are visualized? Are you an IT professional or security expert with a wish for more cybersecurity tools that provide an intuitive visual experience? Join Alexis Horn and Jamie Hynds from SolarWinds as they demonstrate how the nDepth feature in LEM can help make visualizing log search results a reality.

Register now.

Home > Success Center > Database Performance Analyzer (DPA) > DPA - Knowledgebase Articles > Import certificates to DPA for directory service integration

Import certificates to DPA for directory service integration

Created by Anthony.Rinaldi_ret, last modified by Anthony.Rinaldi_ret on Feb 01, 2017

Views: 1,470 Votes: 0 Revisions: 4

Updated July 5, 2016


You can configure DPA with your company's directory service by clicking Options > Administration > Configure AD/LDAP.

If you configure DPA to communicate over SSL with the AD/LDAP server, and the certificate provided by the server is not trusted by DPA, the configuration wizard offers to import the root certificate authority (CA) certificate or the server certificate as trusted:

  • Root CA certificate is the trust anchor of the trust chain provided by a server. If you import the root CA certificate as trusted, all server certificates whose trust chain is rooted at the root CA certificate will be trusted.
  • Server certificate is a certificate of the AD/LDAP server DPA is connecting to. The certificate may be self-signed or at the bottom of a trust chain that consists of multiple certificates.

Import the root CA certificate if you have multiple AD/LDAP servers in your domain, and DPA is configured to connect to the domain, rather than to a specific server. If you import the server certificate in this scenario, DPA can only establish SSL connections with one of your LDAP servers. Subsequent logins to DPA with LDAP accounts may seem to intermittently fail.


  • DPA 10.2 and later


Obtain the root CA certificate

DPA attempts to resolve the root CA certificate by analyzing certificates provided in the SSL handshake with the AD/LDAP server. If the root CA certificate is not present, DPA issues an LDAP query to the LDAP server using the credentials specified in the wizard. The query searches for objects with the CACertificate attribute.

You can configure the query parameters with the following properties in the <DPA_dir>/iwc/tomcat/webapps/iwc/WEB-INF/classes/properties/ file:


You must restart DPA for the new property values to take effect.

Import the certificates manually

You can import certificates manually into the custom DPA trust store. See these articles for more information:





Last modified